Comments on: Attention Mac Users http://hackademix.net/2009/05/20/attention-mac-users/ Giorgio Maone's answers to the Web, the Universe, and Everything Wed, 16 May 2012 22:03:46 +0000 http://wordpress.org/?v=2.2.3 By: AllSaintsDay http://hackademix.net/2009/05/20/attention-mac-users/#comment-12987 AllSaintsDay Fri, 29 May 2009 07:48:18 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12987 @ Giorgio You're right, it is not complete. I couldn'teven get any of the example applets found at http://java.sun.com/applets/jdk/1.4/index.html to work. @ Giorgio

You’re right, it is not complete. I couldn’teven get any of the example applets found at http://java.sun.com/applets/jdk/1.4/index.html to work.

]]> By: Tom T. http://hackademix.net/2009/05/20/attention-mac-users/#comment-12860 Tom T. Sat, 23 May 2009 06:22:49 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12860 @ JB and AllSaintsDay: OK, the punchline was obvious, but if MS had a remotely alert ad agency, they could use this to rip to shreds the "I'm A Mac - I'm A PC" series of ads (US only?). But I doubt their ad agency is any better than their browser, etc. @ JB and AllSaintsDay:

OK, the punchline was obvious, but if MS had a remotely alert ad agency, they could use this to rip to shreds the "I’m A Mac - I’m A PC" series of ads (US only?). But I doubt their ad agency is any better than their browser, etc.

]]> By: Giorgio http://hackademix.net/2009/05/20/attention-mac-users/#comment-12849 Giorgio Fri, 22 May 2009 11:33:58 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12849 @<a href="http://hackademix.net/2009/05/20/attention-mac-users/#comment-12840" rel="nofollow">AllSaintsDay:</a>: Does <em>any</em> other Java applet work? I suspect Chromium's Java support is not complete yet, on Mac at least... @AllSaintsDay::
Does any other Java applet work? I suspect Chromium’s Java support is not complete yet, on Mac at least…

]]> By: AllSaintsDay http://hackademix.net/2009/05/20/attention-mac-users/#comment-12840 AllSaintsDay Thu, 21 May 2009 23:48:55 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12840 &5 Wait so I just visited the POC at http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html in Chrome. /usr/bin/say was not executed but in Safari and other browsers it was. So does this mean that even though /usr/bin/say did not execute and say anything, I'm still at risk? &5 Wait so I just visited the POC at http://landonf.bikemonkey.org/static/moab-tests/CVE-2008-5353/hello.html in Chrome. /usr/bin/say was not executed but in Safari and other browsers it was. So does this mean that even though /usr/bin/say did not execute and say anything, I’m still at risk?

]]> By: AllSaintsDay http://hackademix.net/2009/05/20/attention-mac-users/#comment-12839 AllSaintsDay Thu, 21 May 2009 23:43:03 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12839 Damnit, if I would of visited the link posted, I would of found the POC, been able to test my question for the answer and therefore avoid the question.. Sigh Damnit, if I would of visited the link posted, I would of found the POC, been able to test my question for the answer and therefore avoid the question.. Sigh

]]> By: Giorgio http://hackademix.net/2009/05/20/attention-mac-users/#comment-12838 Giorgio Thu, 21 May 2009 23:42:08 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12838 @<a href="http://hackademix.net/2009/05/20/attention-mac-users/#comment-12837" rel="nofollow">AllSaintsDay</a>: <blockquote> Considering Chrome sandboxes the plugins like javascript and as long as an exploit could not escape the sandbox, I would be safe from a system compromise…Right? </blockquote> Wrong, sorry. Chrome "sandboxes" tabs and plugins in the sense that they live in a separate process and cannot bring down the whole browser with themselves if they crash (plus, as a bonus, some minor security mitigation due to stricter site-based isolation). This vulnerability has nothing to do with Chrome's sandbox nor with JavaScript. Here we're talking about Java, which by default can do anything an user can, but in a browser applet context is "sandboxed" by its own security manager. In our case, this security manager gets fooled by a bug and the attacker is left free to do anything, from reading your documents and publishing them on his blog to erasing your profile directory for fun. @AllSaintsDay:

Considering Chrome sandboxes the plugins like javascript and as long as an exploit could not escape the sandbox, I would be safe from a system compromise…Right?

Wrong, sorry.
Chrome “sandboxes” tabs and plugins in the sense that they live in a separate process and cannot bring down the whole browser with themselves if they crash (plus, as a bonus, some minor security mitigation due to stricter site-based isolation).

This vulnerability has nothing to do with Chrome’s sandbox nor with JavaScript. Here we’re talking about Java, which by default can do anything an user can, but in a browser applet context is “sandboxed” by its own security manager. In our case, this security manager gets fooled by a bug and the attacker is left free to do anything, from reading your documents and publishing them on his blog to erasing your profile directory for fun.

]]> By: AllSaintsDay http://hackademix.net/2009/05/20/attention-mac-users/#comment-12837 AllSaintsDay Thu, 21 May 2009 23:33:39 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12837 Yawn, how did I know the first comment would go something like that. (Let it go already.) Anyways, I've been using the nightly builds (http://build.chromium.org/buildbot/snapshots/sub-rel-mac/) of Google Chrome for OS X. Considering Chrome sandboxes the plugins like javascript and as long as an exploit could not escape the sandbox, I would be safe from a system compromise...Right? Yawn, how did I know the first comment would go something like that. (Let it go already.) Anyways, I’ve been using the nightly builds (http://build.chromium.org/buildbot/snapshots/sub-rel-mac/) of Google Chrome for OS X. Considering Chrome sandboxes the plugins like javascript and as long as an exploit could not escape the sandbox, I would be safe from a system compromise…Right?

]]> By: GµårÐïåñ http://hackademix.net/2009/05/20/attention-mac-users/#comment-12835 GµårÐïåñ Thu, 21 May 2009 22:26:06 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12835 Sarcasm aside, Macs are only as secure as the fact that most people don't want to waste their time developing anything for it, not that its immune or somehow more secure. Sarcasm aside, Macs are only as secure as the fact that most people don’t want to waste their time developing anything for it, not that its immune or somehow more secure.

]]> By: Web Mirror | hackademix.net » Attention Mac Users http://hackademix.net/2009/05/20/attention-mac-users/#comment-12832 Web Mirror | hackademix.net » Attention Mac Users Thu, 21 May 2009 15:11:14 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12832 [...] An old Java vulnerability, already fixed 6 months ago in every Java implementation except Apple’s, allows remote attackers (i.e. malicious web sites) to launch arbitrary code from Safari or Firefox with full user privileges, … Read the original: hackademix.net » Attention Mac Users [...] […] An old Java vulnerability, already fixed 6 months ago in every Java implementation except Apple’s, allows remote attackers (i.e. malicious web sites) to launch arbitrary code from Safari or Firefox with full user privileges, … Read the original: hackademix.net » Attention Mac Users […]

]]> By: JB http://hackademix.net/2009/05/20/attention-mac-users/#comment-12802 JB Wed, 20 May 2009 17:38:02 +0000 http://hackademix.net/2009/05/20/attention-mac-users/#comment-12802 No...but that's impossible! Macs are supposed to be ultra secure! end sarcasm No…but that’s impossible! Macs are supposed to be ultra secure!

end sarcasm

]]>