Credits: ©1997/2004, Active Network. All Rights Reserved. Layout & Design by Designer Dream. Content written by the Active Network team.
Time: 12:15 EST/17:15 GMT | News Source: ZDNet | Posted By: Robert Stein
At the CanSecWest security conference in Vancouver BC, hackers were invited to find and exploit holes in modern browsers. A popular target for hackers at this year’s conference was Safari on a Mac — definitely the lowest hanging fruit.
Charlie Miller explains that it’s not whether a product has holes (all of them do), it’s how easy it is to exploit those holes — and on a Mac, it’s very simple.
For more info
#1 By 23275 (24.196.4.141) at 3/24/2009 12:43:17 PM
For those who think that Google is doing anything unique from IE7/8 on Vista or Windows 7, think again: http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html They're getting a bucketload of credit that should go to Microsoft.
See also items 9 and 10 of my favorite things about Vista written when it released in 06.
http://blog.libertech.net/blogs/lketchum/archive/2007/05/23/top-ten-things-i-love-about-windows-vista.aspx
Specifically,
10 - Windows Vista's Integrity Mechanism. Windows Vista includes an addition to the access control security mechanism of Windows that labels processes and other securable objects with an integrity level. Internet-facing programs are at higher risk for exploits than other programs because they download untrustworthy content from unknown sources. Running these programs with fewer permissions, or at a lower integrity level, than other programs reduces the ability of an exploit to modify the system or harm user data files. Internet Explorer 7 in Windows Vista uses the Integrity Mechanism and it is what is behind IE 7's Protected Mode. But that is only the beginning - ANY developer has access to the tools that make this possible and it gets better: any single process may be executed in this space, or any grouping of them - so the parts of an application that face the Internet should use them. Think of these as objects, or securable objects in MS speak - see http://msdn2.microsoft.com/en-us/library/aa379557.aspx and also http://msdn.microsoft.com/library/default.asp?url=/library/en-us/IETechCol/dnwebgen/ProtectedMode.asp
9 - User Interface Privilege Isolation (UIPI) prevents processes from sending selected window messages and other USER APIs to processes running with higher integrity. If UAC and Protected Mode are straight rights in Vista's security arsenal, the UIPI is one of Vista's stiff jabs. UIPI continually counters attempts to escalate processes and it keeps bad-guy-code off balance. At the same time, it provides developers with an easy way to check process escalation without burning the user experience. Go here to learn how to use it, http://msdn2.microsoft.com/en-us/library/ms644950.aspx
Take special note of Google's own admissions: How does the sandbox work?
The sandbox uses the security features of Windows extensively; it does not reinvent any security model.
To understand how it works, one needs a basic understanding of the Windows security model. With this model all processes have an access token. This access token is like an ID card, it contains information about the owner of the process, the list of groups that it belongs to and a list of privileges. Each process has its own token, and the system uses it to deny or grant access to resources.
These resources are called securable objects. They are securable because they are associated with an access control list, or security descriptor. It contains the security settings of the object. The list of all the users and groups having access to the resource, and what kind of access they have (read, write, execute, etc) can be found there. Files, registry keys, mutexes, pipes, events, semaphores are examples of securable objects.
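As an added example (not part of the original thread or of any Microsoft or Google code), the following PowerShell reads the mandatory label from a process token, so a defender can check that Internet-facing processes such as browser content processes really run at the Low integrity level the post describes. It assumes Windows Vista or later with Windows PowerShell 3.0+ (for Add-Type and [Parameter(Mandatory)]); the function name Get-ProcessIntegrityLevel is my own.

```powershell
# Added example (not from the original thread): read the integrity label of a
# process token via OpenProcessToken/GetTokenInformation(TokenIntegrityLevel).
Add-Type -Namespace Win32 -Name Token -MemberDefinition @'
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int length, out int needed);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
[DllImport("advapi32.dll")]
public static extern IntPtr GetSidSubAuthority(IntPtr sid, int index);
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@
function Get-ProcessIntegrityLevel {
    # Hypothetical helper name; returns the mandatory label (integrity level) of a process token.
    param([Parameter(Mandatory)][System.Diagnostics.Process]$Process)
    $TOKEN_QUERY = 0x0008
    $TokenIntegrityLevel = 25      # TOKEN_INFORMATION_CLASS value for TokenIntegrityLevel
    $token = [IntPtr]::Zero
    try {
        # Process.Handle throws for processes we may not open (e.g. SYSTEM-owned ones)
        if (-not [Win32.Token]::OpenProcessToken($Process.Handle, $TOKEN_QUERY, [ref]$token)) { return 'AccessDenied' }
    } catch { return 'AccessDenied' }
    try {
        $len = 0
        # First call sizes the TOKEN_MANDATORY_LABEL buffer, second call fills it
        [void][Win32.Token]::GetTokenInformation($token, $TokenIntegrityLevel, [IntPtr]::Zero, 0, [ref]$len)
        $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($len)
        try {
            if (-not [Win32.Token]::GetTokenInformation($token, $TokenIntegrityLevel, $buf, $len, [ref]$len)) { return 'Unknown' }
            # TOKEN_MANDATORY_LABEL.Label.Sid is the first field; the level is the SID's last sub-authority (RID)
            $sid   = [Runtime.InteropServices.Marshal]::ReadIntPtr($buf)
            $count = [Runtime.InteropServices.Marshal]::ReadByte([Win32.Token]::GetSidSubAuthorityCount($sid))
            $rid   = [Runtime.InteropServices.Marshal]::ReadInt32([Win32.Token]::GetSidSubAuthority($sid, $count - 1))
        } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
    } finally { [void][Win32.Token]::CloseHandle($token) }
    switch ($rid) {
        0x0000 { 'Untrusted' } 0x1000 { 'Low' } 0x2000 { 'Medium' } 0x2100 { 'MediumPlus' }
        0x3000 { 'High' } 0x4000 { 'System' } 0x5000 { 'ProtectedProcess' }
        default { "Unknown(0x{0:X})" -f $rid }
    }
}
# Survey Internet-facing processes: a Protected Mode / sandboxed content process should report 'Low'
Get-Process -Name iexplore, chrome, firefox -ErrorAction SilentlyContinue |
    ForEach-Object { [pscustomobject]@{ Name = $_.ProcessName; Id = $_.Id; Integrity = (Get-ProcessIntegrityLevel $_) } } |
    Format-Table -AutoSize
```

A browser whose content processes all report Medium is not benefiting from the integrity mechanism at all, which is exactly the gap the post complains about.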
#2 By 92283 (70.67.3.196) at 3/24/2009 12:52:13 PM
"Let me correct something. It was a Firefox on Mac OS X vulnerability and exploit.
The bug does affect Windows but, honestly, it’s way harder to get the code to run reliably on Windows. That’s the reason I did my Firefox attack on the Mac.
I’m not allowed to talk about it but, for that bug, to get real exploitation on Windows is difficult because of ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).
On the Mac, I could trigger it and exploit it easily."
http://blogs.zdnet.com/security/?p=2951
#3 By 15406 (216.191.227.68) at 3/24/2009 3:37:22 PM
Nils says Hi!
#4 By 23275 (24.196.4.141) at 3/24/2009 8:43:53 PM
Latch, the subject deserves a better response from you than that. Clearly and flatly, our industry press has given Google credit it does not directly deserve and a pass on top of it.
That takes nothing from Nils' work, or his decision not to target Google's Chrome. When asked, in an indirect way, the exchange went this way: Did you use the Dowd/Sotirov techniques from Black Hat last year?
I really appreciated their work [smiles]. (from Ryan Naraine @ 5:25 am at Zdnet Blogs)
So, a Browser Memory Protection Bypass has been discovered in pre-RTM IE8 on Win7 BETA. The question is then: "does this bypass also apply to Chrome, or is it unique to pre-RTM IE8?" There is one tell to suggest that it does not, in that the exploit would not work on Vista and IE 7. This is telling and interesting. (Hmmm, so it wasn't COM/DCOM....)
It seems that Nils found a flaw that provided for process escalation out of Protected Mode and around UAC in the BETA. I wonder if it would work in later builds 48, or 57?
#5 By 15406 (99.240.65.32) at 3/24/2009 9:42:27 PM
#4: These guys don't just show up on the day of the event and then dither about what they're going to do. They plan in advance. I suspect that if Nils could have used the same hack to penetrate Chrome, he would have and walked away with more money & hardware. In your usual rush to praise Microsoft, I don't think you give Google enough credit. Despite all the protections, IE was compromised and Chrome was not. Despite that, you portray it as a feather in Windows' cap. Bizarre.
"There is one tell to suggest that it does not, in that the exploit would not work on Vista and IE 7"
How do you know this?
#6 By 23275 (24.196.4.141) at 3/24/2009 10:39:41 PM
"There is one tell to suggest that it does not, in that the exploit would not work on Vista and IE 7"
How do you know this?
Because Nils said exactly that. I quote: "Does it affect earlier versions of IE?
I don’t know. I wasn’t able to trigger it in IE 7" end quote.
I want to know if the process was brokered by the UIPI at all? That's the question and if not, why not? As I wrote two years ago, the methods and tools to take advantage of securable objects, and the UIPI are available for all developers - they are very well documented. I'm glad Google uses them in Chrome and wish FF and Safari would, too. In fact, I'd like to see all applications that face the Internet in any way, use them.
#7 By 23275 (24.196.4.141) at 3/24/2009 10:49:17 PM
There's another interesting comment that also suggests it was not COM/DCOM and does not work in IE 7 on Vista.
Nils noted that with new features come new vulnerabilities - or words to that effect.
True. So one of the new features with a bypass flaw in pre-RTM IE8, and perhaps IE 8 RTM, may have been found - Accelerators? Slices? InPrivate Browsing? Suggested Sites? Hard to say, and it will be very interesting to learn what it was. I think we will, soon - MS started on validations nearly immediately and is likely working up a patch. This Nils fellow is really something - brilliant and responsible. I'm glad he's on the "good team" and working to see software patched and made more secure. He deserves high praise in all regards.
There are those who have been critical of him for sitting on an OS X/Safari bug for a year, but seriously... would anyone in the Apple camp really listen to him...? It does seem that if anyone so much as peeps about an Apple product, large numbers of fans jump them... So I don't fault him for remaining silent about it, and he has said clearly that he expects to be rewarded for his work. Good. Good on him and for him.
#8 By 37 (192.251.125.85) at 3/25/2009 7:07:54 AM
IE8 > Chrome > FF 3.01 > IE7