On a scale of 1-10, how impressive was Nils’ sweep of exploiting all three main browsers?
I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.
Really? What’s the difference between what you can do on IE but can’t do on Firefox?
The technique he used works against IE but not Firefox. It allows you to place code in a specific spot in memory. Mark Dowd and Alex Sotirov talked about this at last year’s Black Hat. You can use a technique to make .NET not opt into the mitigations and jump over hurdles easily. With Firefox, you can’t do that.
For all the browsers on operating systems, the hardest target is Firefox on Windows. With Firefox on Mac OS X, you can do whatever you want. There’s nothing in the Mac operating system that will stop you.
You talked earlier about the value of vulnerabilities. Was it a surprise that he (Nils) basically gave up three “high-value” bugs for $5,000 each?
It’s clear he’s incredibly talented. I was shocked when I saw someone sign up to go after IE 8. You can get paid a lot more than $5,000 for one of those bugs. I’ve talked to a lot of smart, knowledgeable people and no one knows exactly how he did it. He could easily get $50,000 for that vulnerability. I’d say $50,000 is a low-end price point.
For the amount of time he spent to do what he did on IE and Firefox, he could have found and exploited five or 10 Safari bugs. With the way they’re paying $5,000 for every verifiable bug, he could have spent that same time and resources and made $25,000 or $30,000 easily just by going after Safari on Mac.
This guy really makes it sound like Macs are dead easy to hack via the browsers -- why isn't it happening more in the wild, are they really THAT small a target?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows does to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.