Tuesday, November 23, 2010

Safari, a victim of its age?



But if there is one application to which one might be tempted to apply this perspective, it is Safari: a window that is all the more sensitive because it opens onto a world where hostility is not lacking. And Apple has fallen behind Google and its Chrome browser, which is designed from the ground up to isolate processes from one another, including HTML rendering and extensions. This is the concept of sandboxing: literally, confinement in a sandbox.
Safari for Mac could give the impression of using sandboxing for plug-ins such as Flash, but the isolation is not complete - it is only there to prevent the component from crashing the browser.

Mac OS X Lion could change the situation somewhat: a new process, Safari Web Content, is associated with Safari and could be dedicated exclusively to rendering HTML (read: Safari 5.1: separate processes and WebGL). But this remains a long way from Chrome, which isolates each tab in a dedicated process. And for Miller, Apple has "failed - or did not seek" to regularly make available in Safari the updates made to its rendering engine, WebKit. As if to better illustrate this assertion, Chrome has already received a patch for the vulnerability exploited at the last Pwn2Own to bring Safari down.

Wednesday, November 17, 2010

Flaws! Yes, but they still have to be exploited ...



But there are the holes on one side and, on the other, the possibility of exploiting them. With Mac OS X 10.5, Apple introduced two mechanisms to protect its operating system against exploitation: ASLR and DEP. The first, Address Space Layout Randomization, introduces an element of chance into the layout of data areas in virtual memory, and thus limits the possibilities of executing malicious code introduced into memory through a buffer overflow, for example. DEP complements the first mechanism by prohibiting the execution of code injected into memory areas reserved for data. DEP is closely tied to the hardware architecture of the computer.

In Mac OS X 10.5 and 10.6, ASLR is too partial. Charlie Miller underlines that "there are many things that are not random, such as the location of the dynamic linker [which is responsible for locating shared libraries and linking them into memory when an application is launched], or the stack and the heap [two areas in memory where some data are stored temporarily]." And for DEP, the situation is no better: it only applies to 64-bit processes. Charlie Miller puts it bluntly: "In Windows, ASLR is complete and they have DEP." And if, for Apple, the move to 64-bit improves security, for Miller "this makes the circumvention of DEP that much more difficult." But not impossible.

Admittedly, as Charlie Miller points out, Apple has made available to developers - and uses in Safari - tools that further strengthen security: "canaries". These are reference values placed on the stack alongside a buffer and checked to detect potential buffer overflows, the first data corrupted in that case being precisely the canary. But again, the expert points out that this type of protection depends on the specific compiler, may require migrating to another development environment, and is not entirely suited to large projects with a long history.
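The canary check described above can be simulated in portable C. This is an added example, not code from Apple or from Charlie Miller: the `frame` struct, the `handle_input` function and the canary constant are all constructed for illustration, and the "stack frame" is an ordinary struct so that the overflow stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Simulated stack frame: the canary sits directly after the buffer, so a
 * linear overflow of buf must cross it before reaching anything stored
 * later (saved_return stands in for the saved return address). */
struct frame {
    char     buf[BUF_SIZE];
    uint64_t canary;
    uint64_t saved_return;
};

/* Constructed reference value; a real implementation uses a random value
 * chosen at process start. */
static const uint64_t CANARY_VALUE = 0x00c0ffee0a0dff00ULL;

/* Copies len bytes into the frame without checking len against BUF_SIZE
 * (the bug), then performs the check a protected function runs before
 * returning. Returns 0 if the canary is intact, -1 if it was overwritten. */
int handle_input(const unsigned char *input, size_t len)
{
    struct frame f;
    f.canary = CANARY_VALUE;
    f.saved_return = 0x1122334455667788ULL;

    if (len > sizeof f)          /* keep the simulation inside the struct */
        len = sizeof f;
    memcpy(&f, input, len);      /* unchecked copy starting at f.buf */

    if (f.canary != CANARY_VALUE)
        return -1;               /* a real build would abort here */
    return 0;
}

int main(void)
{
    unsigned char data[sizeof(struct frame)];
    memset(data, 'A', sizeof data);
    printf("16 bytes: %d\n", handle_input(data, BUF_SIZE));
    printf("17 bytes: %d\n", handle_input(data, BUF_SIZE + 1));
    printf("32 bytes: %d\n", handle_input(data, sizeof data));
    return 0;
}
```

A single byte past the end of the buffer is enough to change the canary, which is why the check fires before the simulated return address has been touched.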

Wednesday, November 10, 2010

Apple and security issues



Reputation is not everything. And, as usual, Mac OS X did not fail to fall at the last edition of Pwn2Own at CanSecWest. This time, it was the French firm VuPen Security that managed to find and exploit a flaw in WebKit, the HTML rendering engine used by Safari in particular.

It must be said that VuPen has made a specialty of so-called "friendly intrusion" or, in other words, penetration testing. VuPen Security's clients include Microsoft, Shell, Sagem and IGN. Their job is to test the security policies applied to information systems. Its teams are effective enough that, at the 2009 conference, the VuPen security workshop sold out and attracted the interest of representatives from retail, telecommunications and the Army.

For iOS, it was also Safari that served as the gateway. And it was a regular who took on the task: Charlie Miller. A security analyst at Independent Security Evaluators, Charlie Miller has won four times at Pwn2Own. On Twitter, he describes himself as "Mr. Apple 0-day", i.e. someone who works from previously unknown flaws in Apple's software. Miller's specialty is fuzzing, an approach to vulnerability research developed mainly by Ari Takanen, CTO of the Finnish company Codenomicon. With Jared DeMott and Charlie Miller, he co-authored a book dedicated to the subject, "Fuzzing for Software Security Testing and Quality Assurance", published in 2008 by Artech House. At the end of the book, a case study is devoted to the search for vulnerabilities in QuickTime Player.

The basic concept of fuzzing is relatively simple: look for application interfaces reachable from the outside and flood them with corrupted data (corrupted in the sense that it is not consistent with what the application is supposed to handle), then see what happens ... In a way, there is a parallel here with the compromise of websites through SQL injection: in both cases, the software is not adequately protected against the injection of data that does not match what it should expect from a legitimate user ...
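The loop described above, reduced to its core, looks like this. It is an added example, not taken from Miller's book or tools: the record format, the seed input and the names `parse`, `is_finding` and `fuzz` are constructed for illustration. It feeds every single-byte corruption and every truncation of a valid input to a toy parser, once with the length field trusted and once with it checked, and counts the inputs that would make the parser read past its data.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy record format, constructed for this example:
 * byte 0 = type (1..3), byte 1 = payload length, then the payload. */
static const unsigned char SEED[] = { 0x01, 0x04, 'd', 'a', 't', 'a' };

/* Returns how many payload bytes the parser would copy, or -1 if it rejects
 * the input. With trust_length set, byte 1 is believed unchecked (the bug). */
int parse(const unsigned char *in, size_t len, int trust_length)
{
    if (len < 2 || in[0] < 1 || in[0] > 3)
        return -1;
    if (!trust_length && (size_t)in[1] != len - 2)
        return -1;
    return in[1];
}

/* Oracle: a finding is an accepted input whose copy would run past the data. */
static int is_finding(int copied, size_t len)
{
    return copied >= 0 && (size_t)copied + 2 > len;
}

/* Runs all corrupted variants of SEED through the parser; returns findings. */
int fuzz(int trust_length)
{
    unsigned char buf[sizeof SEED];
    int findings = 0;

    for (size_t pos = 0; pos < sizeof SEED; pos++)
        for (int v = 0; v < 256; v++) {
            memcpy(buf, SEED, sizeof SEED);
            buf[pos] = (unsigned char)v;   /* corrupt one byte */
            findings += is_finding(parse(buf, sizeof SEED, trust_length),
                                   sizeof SEED);
        }
    for (size_t len = 0; len < sizeof SEED; len++)   /* truncated inputs */
        findings += is_finding(parse(SEED, len, trust_length), len);
    return findings;
}

int main(void)
{
    printf("findings, length trusted: %d\n", fuzz(1));
    printf("findings, length checked: %d\n", fuzz(0));
    return 0;
}
```

The parser only reports what it would copy instead of copying it, so the harness can flag an over-read without triggering one.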

Last year, Charlie Miller stressed in particular that OS X "has a broad attack surface involving open source components, closed third-party components [such as Flash], and closed Apple components [Preview, etc.]." Each of these software elements can be an attack vector. Recently, in an interview with the German magazine Heise, he explained his persistence in attacking Apple's software: "I use various Apple products and it is in my interest that they are as safe as possible [...] If you listen only to Apple (or Mac fanboys) you would believe that Macs are impossible to hack, which is not the case."

Especially since, for him, while it is important to know the flaws in order to measure the level of security of a piece of software, security does not boil down to this: "you must take into account those who threaten you, the resources available to them." So, for him, right now, "a Mac with Snow Leopard is the safest choice [to surf the Internet] mainly because of its market share." But is the Mac's OS more secure? No, he answers without reservation: "In my experience, it was easier to find and exploit vulnerabilities in Mac OS X than in modern Windows systems (Vista and 7)." Indeed, for him, the safest web browser is Google's Chrome. And he recommends, in passing, disabling any unnecessary extension.

Thursday, November 4, 2010

Mac OS



Mac OS X is a line of proprietary operating systems developed and marketed by Apple, whose latest version (Mac OS X v10.6, known as "Snow Leopard") is installed on all Macintosh computers sold today. Mac OS X is known for its simplicity, reliability and user-friendliness. Apple engineers had only one ambition for Snow Leopard: to turn a marvel into a prodigy. It is more responsive from top to bottom, and performance has improved at all levels. It offers new features such as Spotlight search customization options and an improved icon view in which you can browse a document or watch a QuickTime movie.

The sixth version of Mac OS X does not, in appearance, seem to be a real "revolution", just a "big update" of Leopard 10.5. However, there are major changes "under the hood": removal of PPC support, 64-bit, a new Finder, "Grand Central Dispatch", "OpenCL", etc. This is another milestone in the long and sometimes tumultuous development of Mac OS X. OS X is more reliable, smoother, faster! It is still possible to use some good old software such as "AppleWorks". Snow Leopard, however, no longer runs on Macs with PowerPC processors (G3, G4, G5) and only works on Intel Macs. PPC Mac owners will have to break the bank to taste the joys of "Snow Leopard".

Saturday, October 30, 2010

The iMac



In January 1998, Jobs announced the first positive result in over a year. In May, he presented the upcoming release of a new type of Mac: the iMac, offering a compromise between power and price to satisfy basic users. He also explained that the project would be based not only on MacOS X Rhapsody (NeXT technology) but also on MacOS 8.

1998 was a profitable year for Apple: iMacs were selling like hotcakes. In 1999, the release of the blue PowerMac G3 and the announcement of the iBook's release kept up the momentum. Then came the announcement of the G4 generation of PowerMacs.

In January 2000, the release of iTools, a set of dedicated Internet tools, demonstrated Apple's new, strongly Internet-oriented strategy, while Steve Jobs announced that he would remain at the head of the company.

Monday, October 25, 2010

Restructuring



In late 1996, with the situation unchanged, Apple announced the acquisition of NeXT and the return of former CEO Steve Jobs. The purpose of this merger was to integrate the NeXTStep core into the development of the future MacOS (the Rhapsody project, scheduled for 1998). In early 1997, Amelio was forced to resign after failing to regain control of the situation. Jobs then found himself with wider responsibilities within the company, and did not need to be asked twice to take decisions to restructure Apple.

In August 1997, at the Boston MacWorld, Jobs gave a speech marked by novelty and change, announcing new advertising campaigns, new Macs, the progress of Rhapsody and, above all, an agreement reached with Microsoft. Under this agreement, the two companies would exchange patents for 5 years, Apple offered $150 million in shares to Microsoft, and Microsoft paid Apple an undisclosed sum over the intellectual property problems that emerged during the development of Windows.

As for the clones, which ended up stealing customers from Apple without increasing sales of Macs, Jobs decided to take back the licenses that had been granted, thereby halting the clone manufacturers' production.

In November 1997, Jobs announced that Macs would now also be sold directly, online or by telephone, and announced the release of the Power Mac and PowerBook G3.