InfoAnda - What This Chinese Hacker Could Teach Apple

Pakistanis angry over detentions in Times Sq. case
Monday, May 24, 2010
ISLAMABAD – Relatives of three men detained by Pakistan for alleged links to the suspect in the attempted Times Square bombing say the men are innocent.
They

Taiwan denies boycotting Australian film festival
Thursday, August 6, 2009

AFP - Thursday, August 6TAIPEI (AFP) - - Taiwan's Beijing-friendly government on Wednesday denied boycotting an Australian film festival amid a row over the e

Merkel's support dips, regional ally resigns International
Thursday, September 3, 2009

By Sarah Marsh and Noah Barkin

BERLIN (Reuters) - Chancellor Angela Merkel suffered a double blow on Thursday as a senior party ally in east German

Minister seeks closure of anti-Berlusconi websites
Wednesday, December 16, 2009
ROME (AFP) - – The Italian government moved Tuesday to close down Internet sites encouraging further violence against Prime Minister Silvio Berlusconi, who

Asian markets mixed after Wall Street rally
Wednesday, March 18, 2009

By ELAINE KURTENBACH,AP Business Writer AP - Wednesday, March 18SHANGHAI - Asia's stock market rally seemed to be running out of steam Wednesday, despite an

Israel warns Palestinians over seeking recognition | 17 November 2009
Afghanistan poised to announce election results | 23 November 2010
The Sky Is Falling: Mysterious Ice Chunks Hit Chicago Home | 8 November 2009

Statue of Obama as boy erected in Indonesian park | 10 December 2009

Forum Views () Forum Replies ()

Read more with google mobile : What This Chinese Hacker Could Teach Apple

Yahoo! My Yahoo! Mail More Yahoo! Services Account Options New User? Sign Up Sign In Help Yahoo! Search web search Home Singapore Asia Pacific World Business Entertainment Sports Technology What This Chinese Hacker Could Teach Apple By Greenberg Andy - Tuesday, July 20 Send IM Story Print If tough love is the best way to fix the world's software, then Wu Shi may be one of the information security industry's unsung heroes. Since 2007 the 35-year-old Shanghai-based researcher has found and reported more than 100 critical flaws in Web browsers like Internet Explorer, Safari and Chrome that could be used to hijack users' computers when they browse to an infected Web page. In the last year alone he's sold more than 50 of those flaws to vulnerability bounty projects like Zero Day Initiative and iDefense, organizations at Hewlett-Packard and VeriSign, respectively, that pay researchers for bug information and use the data in security products before passing it on to affected software vendors. In Pictures: Red White And Blue In Red China Hong Kong's 40 Richest Best Business Apps For Android Ten Socially Responsible Mobile Apps Waterproofing Your Vacation Those numbers represent more flaws reported to Zero Day Initiative and iDefense in a single year--and certainly more vulnerabilities in Web browsers--than practically any other researcher in the world. And more than half those flaws have been in Apple's Safari browser. In one security update last month, for instance, Apple released 64 new patches for its iPhone operating system. Only six of those security problems had been identified by Apple's internal researchers. Twelve had been identified by researchers at Google. Fifteen had been identified by Wu. "Perhaps Apple should hire Wu Shi to help them, since apparently he can find more than twice the bugs their whole security team can find," fellow security researcher Charlie Miller told Forbes at the time. In instant messenger and e-mail conversations, Wu explains how he uses a method known as "fuzzing" to harvest those bugs. Fuzzing a browser involves entering a stream of tweaked files into the program to see which cause it to crash, and then analyzing those crash instances to see which would allow a hacker to insert code that would give him or her control of the browser. Wu uses his own unique algorithm to generate those test files, and throws them at his own Apache Tomcat server, allowing him to test more samples at a higher frequency than the average researcher. Instead of merely switching single variables in a file, he says his method changes the entire sample, making as many changes as possible that still allow a browser to recognize the file as HTML. "My fuzzing framework focuses on the software's structure, not the details," Wu said. Wu doesn't perform deep analysis on the bugs he finds, says Aaron Portnoy, a research manager at ZDI who has examined his findings. But Portnoy says the Chinese researcher's full-file fuzzing catches bugs that other approaches can't. "These files have complex hierarchies of related items. Instead of changing one of those items, he can change how the relationship tree works," says Portnoy. "A lot of people fuzz data. He fuzzes relationships." Wu says he came up with his bug-finding breakthrough after a series of career disappointments. As China's stock market bubble swelled in 2006, his job at a small IT firm began to feel like a sinking ship. "I fell deeper and deeper into despair," Wu said. "On my salary, I couldn't even feed myself." He left the IT firm and launched a startup based on peer-to-peer file sharing technology. But when a big customer refused to pay for a major project it had commissioned, his partner took another job and the company collapsed. Wu began assembling a security consultancy and experimenting with fuzzing ideas he'd first had as a student at Fudan University years before. He found several Microsoft security flaws and reported them to the company directly before a friend told him about "vulnerability buying" programs like ZDI. "From that time on, I became a full-time bug hunter," he says. The hunt has been fruitful. ZDI has paid Wu at least $5,000 for each of the 50 bugs it's bought from him, and iDefense has on occasion paid more than $10,000 for a single flaw. Wu won't say just how much those rewards have added up to, though some simple math shows they go well beyond a quarter of a million dollars--a tidy sum in China. ZDI has also awarded Wu "platinum status," a title that comes with a $20,000 bonus and a free trip to the Black Hat security conference in Las Vegas. The idea of hundreds of critical security bugs in the hands of a mainland Chinese researcher might worry some in the wake of several widespread cyber espionage networks recently linked to China. The very public hacking of Google, Juniper, Intel, Yahoo and several other companies by cyberspies seemingly based in the country, for instance, used a flaw in Internet Explorer that could have been found with techniques similar to Wu's. But Wu says that he has sold bugs only to those that "don't do evil" and report the bugs directly to software vendors. For some Internet Explorer bugs, he says he's had offers of 10 times ZDI's bounty from black-market buyers. But moral questions aside, Wu wants none of the risks that come with criminal associations. Even so, the sheer numbers of vulnerabilities that Wu has found may be troubling, particularly in Apple's software. Wu says that he focuses on Apple's flaws because it's clear that the company hasn't. (Apple did not immediately respond to a request for comment.) While Microsoft has been busy hardening its software against a decade of attacks--Wu cites threats like the Code Red worm that spread to hundreds of thousands of computers in 2001 and defaced websites with the phrase "Hacked By Chinese!"--Apple has enjoyed complacent years of being ignored by cybercriminals. But Wu says that lull can't last. The rise of targeted attacks, for instance, has meant that Apple's smaller market share can no longer shield the company from dealing with security issues. "The iPhone and Mac OS are much easier to attack than Windows 7," he says. "I think in the future there will be a lot of attacks on Apple's software." In other words, Apple's turn to be "hacked by Chinese" may come soon enough. And not all of them will be as charitable as Wu Shi. See Also: The Mac Hacker Strikes AgainResearcher Will Expose 20 Hackable Apple FlawsHow To Hijack 'Every iPhone In The World' Recommend Send IM Story Print Related Articles US-TECH Summary Reuters - 49 minutes ago Another Foxconn worker falls to death: report Reuters - 49 minutes ago Google to use wind energy to power data centers Reuters - 1 hour 10 minutes ago Nokia jumps on hope of CEO Kallasvuo exit Reuters - 1 hour 46 minutes ago Sharp to join e-reader business war AFP - Wednesday, July 21 News Search Top Stories Goldman Sachs profits fall 82 percent HIV gel breakthrough lifts mood at AIDS conference Honda aims for electric cars, plug-in hybrids by 2012 Embraer wins Flybe small jets order at Farnborough Parachuting donkey shocks Russian beachgoers More Top Stories » ADVERTISEMENT More from Forbes Sarah Palin Refudiates Language Criticism Women and Overperforming: Don t Go for the Bait Gambling Wiz Deals Business Advice in House Advantage Beat The Market With Ben Graham Lev Grossman Talks Magic Most Popular Most Viewed Most Recommended Parachuting donkey shocks Russian beachgoers Major step towards anti-HIV vaginal gel Embraer wins Flybe small jets order at Farnborough HIV gel breakthrough lifts mood at AIDS conference Peruvian detained in Mexico with 18 hidden monkeys More Most Viewed » Reclusive top mathematician turns down prize, again Paris Hilton caught with cannabis in handbag Germany's 'Octopus oracle' keeps perfect record Parachuting donkey shocks Russian beachgoers Who's right - the dolphin or the octopus? More Most Recommended » Elsewhere on Yahoo! Financial news on Yahoo! Finance Stars and latest movies Best travel destinations More on Yahoo! News Home Singapore Asia Pacific World Business Entertainment Sports Technology Subscribe to our news feeds Top StoriesMy Yahoo!RSS » More news feeds | What are news feeds? Also on Yahoo Answers Groups Mail Messenger Mobile Travel Finance Movies Sports Games » All Yahoo! Services Site Highlights Singapore Full Coverage Most Popular Asia Entertainment Photos World Cup 2010 Copyright © 2010 Yahoo! Southeast Asia Pte. Ltd. (Co. Reg. No. 199700735D). All Rights Reserved. Terms of Service | Privacy Policy | Community | Intellectual Property Rights Policy | Help

Other News on Tuesday, 20 July 2010
Clinton meets Afghan president ahead of conference
Boeing, Airbus win orders worth over 23 billion dollars
Qaeda's Zawahri mocks Obama, slams Arab leaders: web |
New Israeli rocket shield passes final test -ministry
German abandons son on highway to 'teach him lesson'
Turkish court indicts 196 over suspected coup plot
US-TECH Summary
Major step seen in quest for anti-HIV vaginal gel
Hillary Clinton arrives in Kabul
Germany investigates report of bank aiding Iran |
Baidu promotes fake drug sites-Chinese TV station
BP signs major offshore gas deal with Egypt
Allawi, Sadr hold talks on forming Iraqi govt
Iran calls for world body free of big power control
Blackberry rejects Apple's signal loss claim
New Israeli rocket shield passes final test: ministry |
Corrected
Nokia Siemens buys 1.2 billion dollars of Motorola assets
Former U.S. resident jailed for Srebrenica massacre |
Attack on British security firm in Iraq kills 4
Nuance plans voice-activated iPhone apps for UK
U.S. sends Guantanamo detainees to Algeria, Cape Verde |
Clinton in Afghanistan to refine war aims
Jobs' offer of free iPhone cases eases PR woes: analysts
Gay-lesbian group overcomes opposition at U.N. |
Apple expands iPad sales to 9 more countries
iPad to go on sale in nine more countries
US-TECH Summary
China rushes to clean up oil spill
Nokia Siemens buys 1.2 billion dollars of Motorola assets
Girls take lead on TV but not in Hollywood films
U.S. troops to arrive at U.S.-Mexico border August 1
U.S. defence chief in Seoul for talks on North Korea
Australia, Britain bury WWI soldier in France
American charged with murdering Thai bar hostess
FIFA inspectors in Japan to check World Cup bid
Zsa Zsa Gabor out of hip replacement surgery
US-ENTERTAINMENT Summary
Spanish channel announces 'world's first 3-D TV series'
Oscar speculation underway for "Inception"
Alleged Tiger Woods mistress to enter "Celebrity Rehab"
Harry Potter star lands gothic thriller role
In Gabon, papyrus plants imprison communities
Girls take lead on TV but not in Hollywood films
Teenage singer Charice gets Botox for 'Glee' debut
India's poor need to join the banking mainstream: minister
India happy with 8.5 percent growth even if IMF more bullish
The Internet can make or break a brand in China: report
India's Reliance comm shares jump on reported deal
Nissan resumes production at four domestic plants
Alleged Tiger Woods mistress to enter Celebrity Rehab |
Girls take lead on TV but not in Hollywood films |
Zsa Zsa Gabor out of hip replacement surgery |
Karzai assures conference on Afghan leadership
Eviction starts of British parliament protest camp
Afghans seek control of security by 2014 |
Landmark international conference opens in Kabul
White House awaits British PM Cameron
Migrants workers collateral damage of UAE slump
US court grants bail to Conrad Black
Thai goverment lifts emergency in more provinces |
Clinton: US, world stand with Afghanistan
Karzai calls for more control of funds, security
U.S. reviewing more sanctions on North Korea: South |
Google renewal reflects legal compliance: China
Clinton to Afghan women: You will not be forgotten
Death comes from far away in Afghan valley |
Kabul meeting to lay ground for 2014 deadline
Peruvian detained in Mexico with 18 hidden monkeys
Libya's Gaddafi says will rein in Sudanese rebel
Migrants workers collateral damage of UAE slump |
Sharp says to enter e-reader market
LCD makers brace for softer H2 as TV growth weakens
Thailand lifts emergency rule in three provinces
Industrywide digital locker beta to launch in fall
China rejects world's number one energy user title
Blame-game over deadly India train crash
Samsung dismisses Apple's claims on smartphones
Warned on future, nations look at clean energy
China satisfied with Google search engine tweaks |
U.S. said to toughen up broadband deployment report
Lindsay Lohan a 'fidgety mess' hours before jail
Industrywide digital locker beta to launch in fall |
Facebook, small firm square off over patent claims
Amazon says price cuts bolstering Kindle sales |
U.S. said to toughen up broadband deployment report |
Egypt play seeks to smash social taboos
Sharp says to enter e-reader market |
LCD makers brace for softer H2 as TV growth weakens |
Abu Dhabi lures tourists with Ferrari theme park
Virus targets Siemens industrial control systems |
Lindsay Lohan a 'fidgety mess' hours before jail
Ex-"Jersey Boys" countersue Valli over rival tour
"Jersey Shore" cast near deal for hefty raise
Virus targets Siemens industrial control systems
IBM profit up nine percent, revenue falls short
Samsung dismisses Apple's claims on smartphones
Moody's gives Motorola positive outlook after Nokia deal
US-TECH Summary
Jerry Bruckheimer strikes out again with Cage flop |
Jersey Shore cast near deal for hefty raise |
"Harry Potter" star Daniel Radcliffe takes on "Woman in Black"
Oscar speculation underway for Inception |
Ex-Jersey Boys countersue Valli over rival tour |
Harry Potter star Daniel Radcliffe takes on Woman in Black |
Study finds MTV AIDS project changes HIV attitudes |
Seoul shares rise on earnings hope;Hyundai Motor up
John Edwards film may unearth new details on scandal |
N.Korea ex-spy in Japan to meet abductee families
Lost star Matthew Fox saddles up for country life |
ASEAN meets in shadow of Korea tensions
British PM agrees to see US senators on Lockerbie
Five militants killed in botched Pakistan attack
Van der Sloot showing 'psychopathic tendencies'
Australia PM pledges close ties with Asia
Thai government lifts emergency in more provinces
Glimmer of hope in China's 'brain drain' battle
Gates: navy exercises to send 'signal' to N.Korea
China: Google renewal reflects legal compliance
FACTBOX-Top S.Korea banks eye Asian markets for 2010 funding
PAKISTAN
S.Korea POSCO plans $412 mln bond issue
Russia complains to Washington over arrest
Study finds MTV AIDS project changes HIV attitudes
Asia travel surge boosts airplane-makers' fortunes
Minimum and maximum temperatures in Celsius
South Korea 3-yr bond yield approaches 2-wk low
Seoul shares open lower; techs retreat
Official: China's slowdown helping restructuring
China expands yuan banking in Hong Kong
Bashir to visit Chad despite arrest warrant
French footballers quizzed in under-age sex probe
Another Foxconn worker falls to death: report
Rebels killed, rocket attack pre-Kabul conference
Parachuting donkey shocks Russian beachgoers
Sharp to join e-reader business war
Goldman Sachs profits fall 82 percent
EU ministers to approve tighter sanctions on Iran |
Australian laser system to track space junk
HIV gel breakthrough lifts mood at AIDS conference
EU ministers to approve tighter sanctions on Iran
Honda aims for electric cars, plug-in hybrids by 2012
What This Chinese Hacker Could Teach Apple
Kurdish rebels kill six Turkish soldiers in clash
Apps That Change The World
Cambodian police abuse sex workers: rights group |
Renegade Afghan soldier kills 3 in training camp |
The World's Most Expensive Bicycles
Serbia and Kosovo's EU future clouded as court rules |
Karzai reaffirms 2014 goal for Afghan-led security
UK swamped with threats after wars: ex-spy chief |
Karzai reaffirms 2014 date for Afghan-led security
Kurdish rebels kill seven Turkish soldiers |
Nine Technologies To Ease Pain Of Getting Old
Celebrities: Macs Vs. PCs
Honda China supplier gets tough on striking workers |
Celebrities Who Love The iPad
Mogadishu fighting kills 52 civilians in a week: group |
Twitter ban as French lawmakers debate pension bill |
Worker at Foxconn affiliate falls to death in China
Taiwan leader vows to fight corruption
Indian diplomat charged with spying for Pakistan
Hotels With The Most Beautiful Views
Inside New York City's Fishy Black Market
N.Korea FM to attend Asian security forum
Behind The Booze Brands
U.S. aid can lessen, but not remove Pakistan mistrust
China floods cut Yangtze shipping
Billionaire Playgrounds 2010
US-S.Korea war games sends 'message' to N.Korea
Celebrities Who Make Music
U.S. and South Korea to hold navy drills against North
The 10 Richest Presidents
Another Foxconn worker falls to death: report |
What This Chinese Hacker Could Teach Apple
The World's Happiest Countries
Pakistani stocks up; rupee, o/n rates flat
Google to use wind energy to power data centers |
Nokia jumps on hope of CEO Kallasvuo exit |
Honda aims for electric cars by 2012
China says exports to slow in second half
Luxury Clothes For Kids
BP plans to divest its E&P operations in Pakistan
Vegas' Perfect Poolside Dining
China lifts spirits on Asian markets
Notebooks 'able to hold off iPads in Asia-Pacific'
LG Chem says considers battery plants in China, Europe
Toyota gets second US grand jury subpoena: company
Strike at Honda parts plant in China drags on
Lindsay Lohan lawyer quits on eve of jail term |
Sam Raimi lassoes Wyatt Earp for sci-fi film |
Greece at new risk of being pushed off euro
Bodies of missing Tenn. mom, Jo Ann Bain, and daughter found
Female Breasts Are Bigger Than Ever
AMD Trinity Accelerated Processing Units Now in Volume Production
The Avengers (2012 film), made the second biggest opening- and single-day gross of all-time
AMD to Start Production of piledriver
Ivy Bridge Quad-Core, Four-Thread Desktop CPUs
Islamists Protest Lady Gaga's Concert in Indonesia
Japan Successfully Broadcasts an 8K Signal Over the Air
ECB boosts loans to 1 trillion Euro to stop credit crunch
Egypt : Mohammed Morsi won with 52 percent
What do you call 100,000 Frenchmen with their hands up
AMD Launches AMD Embedded R-Series APU Platform
Fed Should not Ignore Emerging Market Crisis
Fed casts shadow over India, emerging markets
Why are Chinese tourists so rude? A few insights

USD EUR - 1 year graph		BlogMeter 1.01