Just hours after Apple Inc. released a Windows version of Safari on Monday, security researchers had uncovered more than half a dozen vulnerabilities in the browser beta, including at least three that could let attackers grab complete control of the PC. PC World's Erik Larkin isn't surprised that Safari would become a security risk. But Apple's claims about the new browser's security have touched a nerve with security researchers: Two of the researchers blamed Apple's "false claims" about security and what they called its "hostile attitude" toward bug finders for the rush to dig up flaws.

First off the mark was David Maynor of Errata Security, who posted notice of a bug about two hours after Apple made Safari 3 available for Windows. By the end of the day, Maynor had racked up six bugs. Four could be exploited to crash the browser and/or PC in a denial of service; the other two, Maynor claimed, were remote execution vulnerabilities. Maynor, who clashed with Apple over a demonstration of a wireless hack on a MacBook at last summer's Black Hat security conference, didn't hesitate to take a shot at the Cupertino, Calif. company. "I can't speak for anybody else, but the bugs found in the beta copy of Safari on Windows work on the production copy on OS X as well," he said in a posting on the Errata site. "The exploit is robust mostly thanks to the lack of any kind of advanced security features in [Mac] OS X."

News source: PCWorld



There are 42 additional comments
#1 Posted by Fahim S on 13 Jun 2007 - 10:32
this says to me that the reason that Mac OS doesn't suffer from more security issues, is because of less people trying to hack it. Otherwise surely the four Mac and PC vulnerabilities would have been found earlier?

I disagree with the fact that there are no advanced security features in OS/X, although there could be more...
#1.1 Posted by BigBoy on 13 Jun 2007 - 10:35
I totally agree with you, 100%, on both points.

Apple making Windows software that is a hot target will be a very big headache for them IMO.
#1.2 Posted by RealFduch on 14 Jun 2007 - 01:29
Wow!
Finally no one has the nerve to oppose it.
I love it.
#2 Posted by bobbba on 13 Jun 2007 - 10:50
Wow, software that has vulnerabilities what will they discover next...

.
#2.1 Posted by Jugalator on 13 Jun 2007 - 14:19
That was in no way the moral of this story. :p

It's even in the preamble:
Quote -
Security researchers have already found eight bugs in the Windows version of Safari Apple released on Monday. They're blaming Apple's "hostile attitude towards security researchers" for the problems.

That's pretty much what the researchers are trying to tell you, not that it's strange that they found bugs.
#2.2 Posted by whocares78 on 18 Jun 2007 - 04:08
Quote - (Jugalator said @ #2.1)
That was in no way the moral of this story. :p

It's even in the preamble:
Quote -
Security researchers have already found eight bugs in the Windows version of Safari Apple released on Monday. They're blaming Apple's "hostile attitude towards security researchers" for the problems.

That's pretty much what the researchers are trying to tell you, not that it's strange that they found bugs.


it's telling me mac is in denial and always has been when it comes to security, but yes "but the bugs found in the beta copy of Safari on Windows work on the production copy on OS X as well" tells me that people actually try hack windows stuff.
#3 Posted by Iridium on 13 Jun 2007 - 11:08
OMG get off your high horses. Apple is deliberately being targeted because the only people with the expertise capable of exposing such flaws use windows and now crapple is bringing software to their doorstep and challenging them by saying that it's safe from day 1. Steve's smugness/ arrogance is going to cost with security analysts threatening not to reveal such flaws to vendors who put so much marketing and spin on things.

payback is sweet

PS windows vista is the most secure commercial operating system by secunia reports.
#3.1 Posted by whocares78 on 19 Jun 2007 - 01:54
too bad it sux in every other possible way
#4 Posted by Kushan on 13 Jun 2007 - 11:11
I hope this will at least enlighten the people who think that everything made by apple is secure.
It also gives Apple less reason to bitch about Microsoft since even THEY can't write secure software.

But no doubt the Apple marketing Machine will spin this around and we'll see a press release from them soon saying something like "We wouldn't have this problem if windows was more secure", you know, like they did when their ipods were found to be harbouring viruses.
#5 Posted by vetmarkjensen on 13 Jun 2007 - 11:14
Hey, it's beta. I have been told that this is all ok.

Just slap a "beta" label on it, and hide behind that word.
#5.1 Posted by Powerless on 13 Jun 2007 - 19:40
Quote - (markjensen said @ #5)
Hey, it's beta. I have been told that this is all ok.

Just slap a "beta" label on it, and hide behind that word.


Then we no longer need betas right?
#5.2 Posted by black_death on 13 Jun 2007 - 22:04
Quote - (Powerless said @ #5.1)
Then we no longer need betas right?


There's nothing wrong with betas but there is something wrong with making a press release about your beta fully knowing it's gonna be all over the news then crying "Beta!" when bugs are found.
#5.3 Posted by +rm20010 on 13 Jun 2007 - 22:46
Apple is taking hints from the king of betas. Google.
#5.4 Posted by Poof on 14 Jun 2007 - 05:14
Quote - (markjensen said @ #5)
Hey, it's beta. I have been told that this is all ok.

Just slap a "beta" label on it, and hide behind that word.


Actually, who cares if it's "beta" ... The exploits are reported to work in OSX ... -THAT- version isn't beta, now is it? =P
#5.5 Posted by black_death on 14 Jun 2007 - 20:27
Quote - (Poof said @ #5.4)
Actually, who cares if it's "beta" ... The exploits are reported to work in OSX ... -THAT- version isn't beta, now is it? =P


bbuuuuuuurrrrrrnnnnnnnnn
#5.6 Posted by whocares78 on 18 Jun 2007 - 04:13
just get over it, yes it's beta and yes beta always has known issues, seeing a lot of you just don't get it

http://en.wikipedia.org/wiki/Development_stage

#6 Posted by betasp on 13 Jun 2007 - 12:20
David Maynor lost all creditability with his last stunt. He obviously has an agenda. It is good to put security vulnerabilities on the table but it is best to do it in a responsible way.

His quote "If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor." reeks of more arrogance and irresponsibility than anything Apple has done.
#6.1 Posted by ellianth on 13 Jun 2007 - 12:55
How so?
#6.2 Posted by Fanon on 13 Jun 2007 - 13:12
"reeks of more arrogance and irresponsibility than anything Apple has done"

Come again? He reported flaws; Apple, instead of saying "we f0cked up", spun it as "it's not our fault". I wouldn't want to report anything to them, either.
#6.3 Posted by betasp on 13 Jun 2007 - 13:41
Quote - (betasp said @ #6)
David Maynor lost all creditability with his last stunt. He obviously has an agenda. It is good to put security vulnerabilities on the table but it is best to do it in a responsible way.

His quote "If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor." reeks of more arrogance and irresponsibility than anything Apple has done.


How is he helping security? Do you think any more than 10% of people who may actually use Safari will ever get the message of the vulnerabilities?

By publicizing the vulnerabilities he is merely bringing attention to himself rather than helping create an environment that is more secure. He also refuses to report issues to Apple because he doesn't like the way they treat the report and how they respond to him... that is arrogant and irresponsible. How about be responsible and do your due diligence. He is supposed to be a researcher, not a hacker. Report the issue to Apple and let them know that in 30 days the issues will be made available to the public.
#6.4 Posted by shift4 on 13 Jun 2007 - 16:26
Quote - (betasp said @ #6.3)
Quote - (betasp said @ #6)
David Maynor lost all creditability with his last stunt. He obviously has an agenda. It is good to put security vulnerabilities on the table but it is best to do it in a responsible way.

His quote "If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor." reeks of more arrogance and irresponsibility than anything Apple has done.


How is he helping security? Do you think any more than 10% of people who may actually use Safari will ever get the message of the vulnerabilities?

By publicizing the vulnerabilities he is merely bringing attention to himself rather than helping create an environment that is more secure. He also refuses to report issues to Apple because he doesn't like the way they treat the report and how they respond to him... that is arrogant and irresponsible. How about be responsible and do your due diligence. He is supposed to be a researcher, not a hacker. Report the issue to Apple and let them know that in 30 days the issues will be made available to the public.


Isn't that how the mac survives? Just ignore any security risks and don't report the ones you find. Just ignore the missing wall on the building. It's raining outside but pretend it's still there. If you ignore it, no one will notice.
#6.5 Posted by betasp on 13 Jun 2007 - 23:00
Quote - (shift4 said @ #6.4)
Quote - (betasp said @ #6.3)
Quote - (betasp said @ #6)
David Maynor lost all creditability with his last stunt. He obviously has an agenda. It is good to put security vulnerabilities on the table but it is best to do it in a responsible way.

His quote "If a vendor answers a vulnerability disclosure with marketing and spin attempts, we no longer report vulnerabilities to that vendor." reeks of more arrogance and irresponsibility than anything Apple has done.


How is he helping security? Do you think any more than 10% of people who may actually use Safari will ever get the message of the vulnerabilities?

By publicizing the vulnerabilities he is merely bringing attention to himself rather than helping create an environment that is more secure. He also refuses to report issues to Apple because he doesn't like the way they treat the report and how they respond to him... that is arrogant and irresponsible. How about be responsible and do your due diligence. He is supposed to be a researcher, not a hacker. Report the issue to Apple and let them know that in 30 days the issues will be made available to the public.


Isn't that how the mac survives? Just ignore any security risks and don't report the ones you find. Just ignore the missing wall on the building. It's raining outside but pretend it's still there. If you ignore it, no one will notice.



Your post seems a bit sarcastic. Apple does not "ignore" security risks, if they did there would not be security patches. If someone finds a flaw they want it fixed within days, which is not reasonable. Even MS has moved to 30 day patch routines. I am sure Apple has some sort of ranking/queuing system to determine what needs to be patched. Just because they don't make a particular issue a top priority does not make it less important to report it to them. I also tend to not fault a company for downplaying an issue since that may help keep a person from focusing on that issue to create a virus/worm. MS and even Linux tend to do that...
#6.6 Posted by whocares78 on 18 Jun 2007 - 04:16
agreed, he definitely should have followed the due diligence.
#7 Posted by GEIST on 13 Jun 2007 - 13:36
Safari for Windows is a sorry excuse for a piece of Windows software anyways, even for a BETA product. All I see is random characters on every website as well as Safari's user interface and I can't even open its Preferences without it crashing every single time. I've tried pre-alpha versions of other web browsers that were more stable and reliable. I think Safari for Windows has potential but that beta version is a pretty bad start in my opinion.
#7.1 Posted by Jugalator on 13 Jun 2007 - 14:12
Hey now, I don't see any random characters!!

I see large gaps of no characters at all... Before it crashes, that is.

I agree... Firefox, then Phoenix, in its pre-1.0 versions had less severe bugs than what Safari presented to me.
#8 Posted by +GreyWolfSC on 13 Jun 2007 - 15:21
I couldn't even drag my bookmarks around in it to rearrange them without it freezing. Once again, my PC is Apple free.
#9 Posted by solardog on 13 Jun 2007 - 15:53
Welcome to the real world Apple.
#10 Posted by PureLegend on 13 Jun 2007 - 16:25
And THIS is why they make it hard to run OS X on PC
#11 Posted by ziadoz on 13 Jun 2007 - 17:03
Can't say Apple's 'brush it under the carpet' attitude surprises me to be honest.
#12 Posted by bluarash on 13 Jun 2007 - 17:41
I have been using the product for about two days. I don't see many rendering problems. It hasn't actually even crashed yet. I am running it under Vista with 1gig of memory (the app takes between 60 to 80mb). I don't like it as well as Firefox, but come on guys...
#12.1 Posted by solardog on 13 Jun 2007 - 17:54
I don't think anyone's being overly harsh here. There are many complaints/issues of major stability problems under Vista. I used it in XP and didn't have any serious problems, besides it being the ugliest browser I've ever seen.
#12.2 Posted by bluarash on 13 Jun 2007 - 18:02
I would agree with the ugly part (it really doesn't work in Windows).
#13 Posted by Cyranthus on 13 Jun 2007 - 18:47
well it is just a beta... what a surprise, it has vulnerabilities! seriously, what software these days DOESN'T have vulnerabilities. i've been trying it and it's actually not bad, but i don't think it's "the best browser ever" according to apple. in fact, it's far from it. it doesn't even utilize my back and forward buttons on my ****ing mouse.
#13.1 Posted by +GreyWolfSC on 13 Jun 2007 - 21:12
Quote - (Cyranthus said @ #13)
well it is just a beta... what a surprise, it has vulnerabilities! seriously, what software these days DOESN'T have vulnerabilities. i've been trying it and it's actually not bad, but i don't think it's "the best browser ever" according to apple. in fact, it's far from it. it doesn't even utilize my back and forward buttons on my ****ing mouse.


You misunderstood... When Apple says something is 'great' or the 'best ever' or the 'most advanced' it just means that it exists. You have to remove all the adverbs and the adjectives that aren't a color hue from their press releases...
#13.2 Posted by +TCLN Ryster on 13 Jun 2007 - 23:07
Indeed, Cyranthus definitely misunderstood. No-one is shocked that a piece of apple software has flaws, in fact they are expected of any software. What most people are commenting on is the arrogance of apple in declaring their product "the best" and "secure from day one".
#14 Posted by GP02X on 13 Jun 2007 - 18:53
maybe it's apple's secret goal to make safari full of flaws and blame the bugs on windows.

make false claims in their commercials to sway the technically challenged to switch to mac
#15 Posted by backslash on 13 Jun 2007 - 21:31
This beta is definitely not ready for the public. I have installed it on 3 machines. 2 of the installs work (sometimes). The program seems to conflict with certain system configurations.

Screenshot

I have seen this problem on more than one system (my machine at work and a friend's). I should note that the above problem is not a crash. This is how Safari looks when I launch it (every time). I also tried reinstalling it. The new browser also seems to crash a lot when it uses plugins. Apple will of course blame the plugins for this (it uses firefox plugins!). I noted several crashes when trying to view online video sites that use flash players. However, these same sites do not crash when Firefox 2 is used. I am using Safari right now on my mac, but I feel that Safari should remain on its original platform where it belongs.


Last edited by backslash on 13 Jun 2007 - 21:40
#16 Posted by +TCLN Ryster on 13 Jun 2007 - 23:04
Quote -
Security.
Now you can enjoy worry-free web browsing on any computer. Apple engineers designed Safari to be secure from day one.

Source: http://www.apple.com/safari

#17 Posted by Mistwaver on 13 Jun 2007 - 23:21
It's in beta stage. At this point Apple doesn't care if the browser is secure--they care about if the browser is insecure. This tells them their browser is not a secure product, and ensures the final product is secure as possible.

Last edited by Mistwaver on 13 Jun 2007 - 23:27
#17.1 Posted by solardog on 13 Jun 2007 - 23:42
LOL, you should be a politician
#18 Posted by Jazket on 14 Jun 2007 - 04:31
It's a freaking beta for God's sake... Every software has vulnerabilities being beta, first off, and second off, being ported to a totally different OS platform.

Dang... oh and I'm a freaking Windows fan till the day I die. But it's not fair to blame something for what it is not (yet).

Btw, yes Safari is very [censored] ugly...
#19 Posted by RAID 0 on 14 Jun 2007 - 04:54
LTD! WHERE ARE YOU! Mr. Jobs needs you to come in and defend Apple at ALL COSTS!

hehe.. just playin.. but really.. Where is he? The biggest Apple fan on Neowin... OH.. snap! I just got it! Only when Apple's doing WELL does he post.. my bad. Sorry for bringing that up. No snipping here, CHAD! ;-)

(Come on LTD.. take the bait)