1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

News Pwn2Own defeats Firefox, Safari, IE8, and iPhone

Discussion in 'Article Discussion' started by CardJoe, 25 Mar 2010.

  1. nakchak

    nakchak New Member

    Joined:
    20 Mar 2005
    Posts:
    36
    Likes Received:
    1
    Doubtful tbh, just look at the 0day the other day, overflow caused by new WOFF feature, no script wouldnt protect against that, a lot of these overflows are cuased by file handling and exploiting plugins to handle aditional content rather than it being a bug in the rendering and javascript engines

    Even a sandbox wouldnt protect if the fault is located in a plugin, and the plugin dev decides not to follow bestpractice or circumvent security measusre (adobe) then ur boned anyway
     
  2. dyzophoria

    dyzophoria Member

    Joined:
    3 May 2004
    Posts:
    392
    Likes Received:
    1
    sometimes its good to see things like these, developers will just continue to better their programs in terms of security ( dunno bout apple though, honestly they dont seem to care much, a bug is found, they fix it months later and I doubt they are doing anything to improve their security)
     
  3. Sebbo

    Sebbo New Member

    Joined:
    28 May 2006
    Posts:
    200
    Likes Received:
    0
    to wipe the smug smiles off their faces? :- P

    /. has an update on this where apparently Miller is wanting to show the developers how to find the vulnerabilities rather than just what they are
     
  4. chtun

    chtun New Member

    Joined:
    26 Mar 2010
    Posts:
    1
    Likes Received:
    0
    You're definitely wrong, NoScript did protect specifically against the WOFF bug, like it did with 99% of the Firefox vulnerabilities seen so far and with almost 100% of the working exploits, since they usually require also Javascript-based or plugin-based heap spraying.

    Here's why NoScript has been blocking web fonts by default for a long time now.
     
  5. rickysio

    rickysio N900 | HJE900

    Joined:
    6 Jun 2009
    Posts:
    964
    Likes Received:
    5
    But the fact remains that Mac users do not use anti viruses, so why would you target the harder target? Target the fools who are still oblivious, and perhaps your infection rate will shoot through the roof.
     
  6. RichCreedy

    RichCreedy Hey What Who

    Joined:
    24 Apr 2009
    Posts:
    4,699
    Likes Received:
    172
    because it wouldn't be a challenge
     
Tags: Add Tags

Share This Page