Monday, November 29, 2010

Change of strategy



Overall, the whole approach of the Apple security that Charlie Miller and castigated early March, although he conceded being "somewhat responsive to bugs that has been providing it with:" Apple does not pay security researchers. Apple assumes that it has no security problem and did not need to work with researchers. "Worse, he said," Apple is certainly capable of producing a safe product, but do just not yet made the effort. "And, in fact, Apple may have changed his tune: he moreover subject - among others - pre-release version of Mac OS X Leo.

In addition, Apple has recently recruited several experts in computer security: David Rice, a former NSA, Ivan Krstic, former director of the OLPC, or Windows Snyder, who has contributed to strengthening the security of Firefox.

And he has this apparent convergence between Mac OS X iOS. Apple uses sandboxing widely within IOS, but not in Mac OS X, maybe it will evolve. ALSR arrived in IOS with version 4.3, its use may be extended with Leo. Code signing is also utilized to secure iOS. With the Mac App Store, it used to protect applications distributed through this, against piracy. But perhaps Apple plans to go further ...

Tuesday, November 23, 2010

Safari, a victim of his age?



But if there's one application that one might be tempted to apply this perspective, it's Safari. A French window all the more sensitive it is open to a world where hostility is not lacking. And then, Apple has fallen behind Google and its sensitive Chrome: it is fully designed to isolate processes from each other and HTML rendering extensions, is the concept of sandboxing, confinement in bins sand, literally.
Safari for Mac could give the impression to use the sandboxing for plug-ins like flash, but isolation is not complete - it is just there to prevent the component to crash the browser.

Mac OS X Lion could change somewhat the situation: a new process is associated with Safari, and it could be exclusively dedicated to rendering HTML, Safari Web Content (read: Safari 5.1: separate processes and WebGL). But it remains far from that Chrome isolates each tab in a dedicated process. And for Miller, Apple has "failed - or did not seek" to make regularly available for Safari updates made to its rendering engine, WebKit. As to better illustrate this assertion, Chrome has already enjoyed a patch for the vulnerability exploited in the last Pwn2Own to make him fall.

Wednesday, November 17, 2010

Faults! Yes, but it is still necessary to exploit ...



But it is on one side and holes on the other, the possibility of exploiting them. Mac OX 10.5, Apple introduced two devices to protect its operating system against this: the ASLR and DEP. The first, and Address Space Layout Randomization, is to introduce an element of chance in the distribution of data areas in virtual memory. And thus limit the possibilities of executing malicious code introduced in memory overflow the buffer, for example. DEP completes the first device by prohibiting the execution of injected code still in memory areas reserved for data. The DEP is closely tied to the hardware architecture of the computer.

In Mac OS X 10.5 and 10.6, the ASLR is too partial. Charlie Miller underlines that "there are many things that are not random, as the location of the dynamic linker [which deals with memory and seek to link shared libraries when an application is launched], or stack and heap [two areas in memory where some data are stored temporarily]. "And for the DEP, the situation is no better: it only applies to 64-bit process. Charlie Miller, he must report this to the world in the face: "In Windows, ASLR is complete and they have the DEP." And if, for Apple, the move to 64 bit improves security for Miller " this makes the circumvention of DEP that more difficult. "But not impossible.

Certainly, as pointed out Charlie Miller, Apple has made available to developers - and uses in Safari - tools from further strengthen security: "canary." These are reference values that are placed in a buffer and to verify the data stored in the stack to monitor potential buffer overflows, the first data corruption in this case to just be the canary. But again, the expert pointed out that using this type of security systems based on the specific compiler may require a migration to environment and development is not entirely suited to large projects with a strong history.

Wednesday, November 10, 2010

Apple and security issues



The reputation is not everything. And, as usual, Mac OS X did not fail to fail at the last edition of Pwn2Own at CanSecWest. This time, it is the French Security VuPen who managed to find and exploit a flaw in WebKit HTML rendering engine of Safari - in particular.

It must be said that VuPen has made a specialty of so-called "intrusion friendly" or, in other words, the penetration test. Among the clients VuPen Security include including Microsoft, Shell, Sagem or IGN. Their job is the testing of security policies applied to information systems. Teams efficient enough that during the 2009 conference on Security Workshop VuPen has sold out and has attracted the interest of representatives from the retail, telecommunications, or the Army.

For IOS, it's even Safari which served as a gateway. And it's a regular who has taken on the task: Charlie Miller. Security analyst at Independent Security Evaluators, Charlie Miller has been awarded four times during Pwn2Own. Twitter, he describes himself as "Mr. Apple 0-day", ie one that runs from previously unknown flaws in the software firm at the apple. A specialty of Miller, the Fuzzing. An approach to vulnerability research developed mainly by Ari Takanen, CTO of Codenomicon Finnish. Jared DeMott, Charlie Miller, he co-authored a book dedicated to the subject, "Fuzzing, for software security testing and quality assurance", published in 2008 by Artech House. At the end of the book, a case study is also devoted to the search for vulnerabilities in QuickTime Player.

The basic concept of Fuzzing is relatively simple: it is looking application interfaces accessible from the outside and saturate the corrupted data - in the sense that they are not consistent with what the application is supposed to address - and then see what happens ... In a way, we can see a parallel here with the compromise of websites SQL injection: in both cases, the software is not adequately protected against attempts injection data does not correspond to that it must wait for a legitimate user ...

Last year, Charlie Miller stressed in particular that OS X "has a broad surface attack involving open source components, third party components closed [with Flash], and Apple closed components [Preview, etc.].." Each of these software elements can be an attack vector. Recently, as part of an interview with German magazine Heise, he explains his stubbornness to attack Apple's software: "I use various Apple products and it is in my interest that they are as safe as possible [. ..] If you listen that Apple (or Mac fan boys) you believe that Macs are impossible to hack, which is not the case. "

Especially for him, it is important to know the faults to measure the level of software security, it does not boil down to this: "you must take into account those who threaten you, the resources available to them. "So, for him too, right now," a Mac with Snow Leopard is the safest choice [to surf the Internet] mainly because of its market share. "But the Mac's OS is it more secure? No, he answers without reservation: "In my experience, it was easier to find and exploit vulnerabilities in Mac OS X systems in modern Windows (Vista and 7)." Indeed for him, Web browser is the safest Chrome, Google. And recommend the passage of any extension disable unnecessary.

Thursday, November 4, 2010

Mac OS



Mac OS X1 is a line of proprietary operating systems developed and marketed by Apple, whose latest version (Mac OS X v10.6, "said Snow Leopard) is installed on all Macintosh computers sold today. Mac OS X is known for its simplicity, reliability and user friendliness. Apple engineers had only one ambition for Snow Leopard: Making a marvel of a prodigy. It is more reactive bottom-up and performance has improved at all levels. It offers new features like Spotlight search customization options and an improved icon view that can browse a document or watch a QuickTime movie.

The sixth version of Mac OS X, even if appearance does not seem to be a real "revolution", just a "big update" of Leopard 10.5. However, major changes under the hood ": deletion of PPC, 64 bit, new Finder, Grand Central Dispatch "," OpenCL " etc.... This is another milestone in the long and sometimes tumultuous development of Mac OS X. OS X is more reliable, smoother, faster! It is always possible to use some good old software like "AppleWorks". SNOW LEOPARD does, however, more on Mac PowerPC processor (G3, G4, G5) and only works INTEL Mac. PPC Mac owners will have breaking the bank to taste the joys of " Snow Leopard."