Comments
There are one or two quite well put-together sentences in the article that I personally would highlight:
Mac & i: ...and we had high hopes that 10.6 would improve on ASLR. But somehow they seem to have forgotten the Dynamic Linker. In 10.5 the Execute Disable bit for the stack, which DEP depends upon on Intel processors, could even be disabled by a daring programmer with a call to mprotect - has Apple at least changed that in Snow Leopard? Can the heap and stack be considered safe in this regard?
CM: The ASLR on 10.5 is identical to that of 10.6, no improvements were made there. There are still plenty of things that are not randomised, such as the location of the dynamic linker, the comm page, and the executable itself, as well as the stack and heap. DEP for the heap has been added (for 64-bit processes) in Snow Leopard which is a big improvement. However it is still lacking for 32-bit processes such as the QuickTime and Flash browser plugins. Additionally, older Apple computers, like those before 2007, will not support 64-bit processes and so DEP for the heap will not exist in any process. Compare this to Windows where they have full ASLR (everything is randomised) and DEP.
DDZ: On just about all systems with non-executable memory, the system calls to make memory pages executable (mprotect, vm_protect, VirtualProtect, etc) are still permitted. The grsec patches for Linux can disable this behaviour and on iOS, it is prevented by code signing enforcement. What the lack of ASLR does is make it easier for attackers to find bits of code that they can reuse in order to effect a system call that makes the memory containing their shellcode executable (if it wasn't already).
"Mac & i: Summing it all up, do you think Apple has what it takes to make computing secure for their users? Will they only need to update their technologies, or is it also a question of their management's attitude towards security?
CM: Apple is certainly capable of producing a secure product but hasn't put in the effort yet. They are a product company. New, exciting products sell and make them money, security doesn't. If you look at the original iPhone, it sold like crazy, but security wise was just awful. There is a (slowly changing) perception that Apple products are secure. I guess Apple figures why spend money on actual security when they're already considered secure. It will take a security related crisis, like Microsoft experienced nearly ten years ago, to get Apple to change. Security needs to affect their bottom line."
"If you look at web browsers, Google continues to invest the most effort into the security of their browser, Chrome. It's Google's business model to keep you using the web, which requires that you trust the web with your time and data. As they have the most to lose by consumers losing confidence in the web, they will spend the most money to make it safe."
And a personal little favourite from the article:
Mac & i: The last question goes to Charlie - probably the question you get asked most often: Will you do it again at Pwn2Own 2011, and if so, do you already have a bug in your bag to exploit? Maybe Safari 5?
CM: I'm not sure. It is really a lot of effort and pressure for not too great a reward. I think I've proven the two things I set out to prove, namely, that Apple products are not perfectly secure and that I can write exploits. The problem is you can have an exploit and it can get patched a week before the competition or someone's name can get drawn out of a hat before yours and you get nothing. I guess it will depend on the rules this year. It is a great competition and a lot of fun. As for whether I have an exploit in my pocket, a gentleman doesn't discuss such things, but I'm not a gentleman, so yes.
____________________________________
For 2 years a person is taught how to stand on their own 2 feet and how to speak... Then they are told: -"Sit down and shut up!"..
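Added example, not part of the original comment or the quoted interview: a small C probe a defender can run on a POSIX system to check whether the kernel still permits the `mprotect` transitions DDZ describes (a writable page becoming executable). The function and constant names are assumptions made for this illustration.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result bits (names are illustrative, not from any real API). */
enum { ALLOW_RW_TO_RX = 1, ALLOW_RW_TO_RWX = 2, PROBE_ERROR = 4 };

/* Map one anonymous read/write page and ask the kernel to change it to
 * `prot`. Returns 1 if the change is permitted, 0 if it is refused,
 * -1 if the page could not be mapped at all. Nothing is ever executed. */
static int try_transition(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    int ok = (mprotect(p, len, prot) == 0);
    munmap(p, len);
    return ok;
}

/* Probe both transitions: write-then-execute (RW -> RX) and
 * simultaneously writable and executable (RW -> RWX). */
int probe_exec_policy(void)
{
    int rx  = try_transition(PROT_READ | PROT_EXEC);
    int rwx = try_transition(PROT_READ | PROT_WRITE | PROT_EXEC);
    if (rx < 0 || rwx < 0)
        return PROBE_ERROR;
    return (rx ? ALLOW_RW_TO_RX : 0) | (rwx ? ALLOW_RW_TO_RWX : 0);
}

int main(void)
{
    int r = probe_exec_policy();
    if (r & PROBE_ERROR) {
        fprintf(stderr, "could not map a test page\n");
        return 1;
    }
    printf("RW -> RX  : %s\n", (r & ALLOW_RW_TO_RX)  ? "permitted" : "denied");
    printf("RW -> RWX : %s\n", (r & ALLOW_RW_TO_RWX) ? "permitted" : "denied");
    return 0;
}
```

A "denied" result indicates a policy layer of the kind the interview mentions (for example the grsec patches on Linux) is restricting these calls for the process.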