InfoAnda - What This Chinese Hacker Could Teach Apple

Pakistanis angry over detentions in Times Sq. case
Monday, May 24, 2010
ISLAMABAD – Relatives of three men detained by Pakistan for alleged links to the suspect in the attempted Times Square bombing say the men are innocent.
They

Taiwan denies boycotting Australian film festival
Thursday, August 6, 2009

AFP - Thursday, August 6TAIPEI (AFP) - - Taiwan's Beijing-friendly government on Wednesday denied boycotting an Australian film festival amid a row over the e

Merkel's support dips, regional ally resigns International
Thursday, September 3, 2009

By Sarah Marsh and Noah Barkin

BERLIN (Reuters) - Chancellor Angela Merkel suffered a double blow on Thursday as a senior party ally in east German

Minister seeks closure of anti-Berlusconi websites
Wednesday, December 16, 2009
ROME (AFP) - – The Italian government moved Tuesday to close down Internet sites encouraging further violence against Prime Minister Silvio Berlusconi, who

Asian markets mixed after Wall Street rally
Wednesday, March 18, 2009

By ELAINE KURTENBACH,AP Business Writer AP - Wednesday, March 18SHANGHAI - Asia's stock market rally seemed to be running out of steam Wednesday, despite an

Roadside bomb kills former Pakistan minister | | 3 January 2010
US vets return to Iwo Jima for 65th anniversary | 3 March 2010
Oracle boosts MySQL investment, targets Microsoft | | 13 April 2010

Iran leader says sanctions will not slow atom work | 9 July 2010

Forum Views () Forum Replies ()

Read more with google mobile : What This Chinese Hacker Could Teach Apple

Yahoo! My Yahoo! Mail More Yahoo! Services Account Options New User? Sign Up Sign In Help Yahoo! Search web search Home Singapore Asia Pacific World Business Entertainment Sports Technology What This Chinese Hacker Could Teach Apple By Greenberg Andy - 2 hours 25 minutes ago Send IM Story Print If tough love is the best way to fix the world's software, then Wu Shi may be one of the information security industry's unsung heroes. Since 2007 the 35-year-old Shanghai-based researcher has found and reported more than 100 critical flaws in Web browsers like Internet Explorer, Safari and Chrome that could be used to hijack users' computers when they browse to an infected Web page. In the last year alone he's sold more than 50 of those flaws to vulnerability bounty projects like Zero Day Initiative and iDefense, organizations at Hewlett-Packard and VeriSign, respectively, that pay researchers for bug information and use the data in security products before passing it on to affected software vendors. Those numbers represent more flaws reported to Zero Day Initiative and iDefense in a single year--and certainly more vulnerabilities in Web browsers--than practically any other researcher in the world. And more than half those flaws have been in Apple's Safari browser. In one security update last month, for instance, Apple released 64 new patches for its iPhone operating system. Only six of those security problems had been identified by Apple's internal researchers. Twelve had been identified by researchers at Google. Fifteen had been identified by Wu. "Perhaps Apple should hire Wu Shi to help them, since apparently he can find more than twice the bugs their whole security team can find," fellow security researcher Charlie Miller told Forbes at the time. In instant messenger and e-mail conversations, Wu explains how he uses a method known as "fuzzing" to harvest those bugs. Fuzzing a browser involves entering a stream of tweaked files into the program to see which cause it to crash, and then analyzing those crash instances to see which would allow a hacker to insert code that would give him or her control of the browser. Wu uses his own unique algorithm to generate those test files, and throws them at his own Apache Tomcat server, allowing him to test more samples at a higher frequency than the average researcher. Instead of merely switching single variables in a file, he says his method changes the entire sample, making as many changes as possible that still allow a browser to recognize the file as HTML. "My fuzzing framework focuses on the software's structure, not the details," Wu said. Wu doesn't perform deep analysis on the bugs he finds, says Aaron Portnoy, a research manager at ZDI who has examined his findings. But Portnoy says the Chinese researcher's full-file fuzzing catches bugs that other approaches can't. "These files have complex hierarchies of related items. Instead of changing one of those items, he can change how the relationship tree works," says Portnoy. "A lot of people fuzz data. He fuzzes relationships." Wu says he came up with his bug-finding breakthrough after a series of career disappointments. As China's stock market bubble swelled in 2006, his job at a small IT firm began to feel like a sinking ship. "I fell deeper and deeper into despair," Wu said. "On my salary, I couldn't even feed myself." He left the IT firm and launched a startup based on peer-to-peer file sharing technology. But when a big customer refused to pay for a major project it had commissioned, his partner took another job and the company collapsed. Wu began assembling a security consultancy and experimenting with fuzzing ideas he'd first had as a student at Fudan University years before. He found several Microsoft security flaws and reported them to the company directly before a friend told him about "vulnerability buying" programs like ZDI. "From that time on, I became a full-time bug hunter," he says. The hunt has been fruitful. ZDI has paid Wu at least $5,000 for each of the 50 bugs it's bought from him, and iDefense has on occasion paid more than $10,000 for a single flaw. Wu won't say just how much those rewards have added up to, though some simple math shows they go well beyond a quarter of a million dollars--a tidy sum in China. ZDI has also awarded Wu "platinum status," a title that comes with a $20,000 bonus and a free trip to the Black Hat security conference in Las Vegas. The idea of hundreds of critical security bugs in the hands of a mainland Chinese researcher might worry some in the wake of several widespread cyber espionage networks recently linked to China. The very public hacking of Google, Juniper, Intel, Yahoo and several other companies by cyberspies seemingly based in the country, for instance, used a flaw in Internet Explorer that could have been found with techniques similar to Wu's. But Wu says that he has sold bugs only to those that "don't do evil" and report the bugs directly to software vendors. For some Internet Explorer bugs, he says he's had offers of 10 times ZDI's bounty from black-market buyers. But moral questions aside, Wu wants none of the risks that come with criminal associations. Even so, the sheer numbers of vulnerabilities that Wu has found may be troubling, particularly in Apple's software. Wu says that he focuses on Apple's flaws because it's clear that the company hasn't. (Apple did not immediately respond to a request for comment.) While Microsoft has been busy hardening its software against a decade of attacks--Wu cites threats like the Code Red worm that spread to hundreds of thousands of computers in 2001 and defaced websites with the phrase "Hacked By Chinese!"--Apple has enjoyed complacent years of being ignored by cybercriminals. But Wu says that lull can't last. The rise of targeted attacks, for instance, has meant that Apple's smaller market share can no longer shield the company from dealing with security issues. "The iPhone and Mac OS are much easier to attack than Windows 7," he says. "I think in the future there will be a lot of attacks on Apple's software." In other words, Apple's turn to be "hacked by Chinese" may come soon enough. And not all of them will be as charitable as Wu Shi. See Also: The Mac Hacker Strikes AgainResearcher Will Expose 20 Hackable Apple FlawsHow To Hijack 'Every iPhone In The World' Recommend Send IM Story Print Related Articles What This Chinese Hacker Could Teach Apple Forbes - 2 hours 25 minutes ago US-TECH Summary Reuters - 2 hours 43 minutes ago Europe woes and iPhone surge to hit handset vendors Reuters - 2 hours 43 minutes ago Apple to hold press conference on iPhone 4 AFP - Friday, July 16 Google shares down as results fall short AFP - Friday, July 16 News Search Top Stories Obama's daughter to attend summer camp Wall Street overhaul clears Senate, heads to Obama June Earth's hottest ever: US monitors No oil flowing into Gulf as test starts: BP Putin takes Van Damme to ultimate fighting match More Top Stories » ADVERTISEMENT More from Forbes ASEAN Opts For Nuclear Power HP, Intel, and Weezer Rock Times Square Apple s Bet: Threats Are Opportunities Slinging Mud Tobacco-Asbestos-Katrina Scruggs Style Yankee Ticket Prices Soar After Steinbrenner Death Most Popular Most Viewed Most Recommended Penelope Cruz, Javier Bardem tie the knot Rapid weight loss best way to slim down: studies Putin takes Van Damme to ultimate fighting match June Earth's hottest ever: US monitors JPMorgan profit leaps nearly 80% More Most Viewed » Reclusive top mathematician turns down prize, again Germany's 'Octopus oracle' keeps perfect record Who's right - the dolphin or the octopus? 3 Russian spy suspects due in US court More Most Recommended » Elsewhere on Yahoo! Financial news on Yahoo! Finance Stars and latest movies Best travel destinations More on Yahoo! News Home Singapore Asia Pacific World Business Entertainment Sports Technology Subscribe to our news feeds Top StoriesMy Yahoo!RSS » More news feeds | What are news feeds? Also on Yahoo Answers Groups Mail Messenger Mobile Travel Finance Movies Sports Games » All Yahoo! Services Site Highlights Singapore Full Coverage Most Popular Asia Entertainment Photos World Cup 2010 Copyright © 2010 Yahoo! Southeast Asia Pte. Ltd. (Co. Reg. No. 199700735D). All Rights Reserved. Terms of Service | Privacy Policy | Community | Intellectual Property Rights Policy | Help

Other News on Friday, 16 July 2010
Libyan aid ship docks at Egyptian port
Freed dissidents say disease rampant at Cuban jails
US-TECH Summary
At least 21 killed in Iran suicide attack: report |
Russia has identified Estemirova's killer: Medvedev
Rivalries, economy cloud Google expectations
Pakistan and India agree on talks |
'Significant advances' made towards AIDS vaccine
Penthouse owner makes $210 million bid for Playboy
Boeing says delivery of first 787 may be delayed to 2011
Facebook page praising British killer removed after row
NATO launches Afghan intelligence-sharing drive |
Wall Street overhaul clears Senate, heads to Obama
Half of social networkers worried about privacy: poll
Freed prisoners describe life in Cuban jails |
French foreign ministry probes fake website
Kenya goes hi-tech to curb election fraud
French police hold key figures in Bettencourt case |
Five billion mobile phones in use worldwide: study
Court orders release of former Congo warlord Lubanga |
Microsoft co-founder Paul Allen pledges fortune to philanthropy
Amazon accused of infringing patents with Kindle
Five billion mobile phones in use worldwide: study
Renshaw thrown off Tour for headbutts on Dean
N.Korea demands to see evidence on ship sinking
US army hands over last prison in Iraq
British diplomacy to prioritise business: Hague
More than 900 World War II munitions found in Japan
Indonesia lukewarm on Australia asylum centre plan
U.S. ready to talk to North Korea in right circumstances
Apple to address iPhone 4 flaw but recall unlikely |
Louis Vuitton opens first Lebanon store
Frustration for Korea's Noh at British Open
Robbie Williams rejoins British band Take That
Still plenty of demand for iPad: survey |
Microsoft co-founder Paul Allen pledges fortune to philanthropy |
US-ENTERTAINMENT Summary
Singer Robbie Williams to rejoin Take That
Half of social networkers worried about privacy: poll |
Lindsay Lohan reported in rehab ahead of jail term
FCC eyes satellite spectrum for broadband use |
Boney M to bring disco fever to West Bank festival
Mandela concert postponed in Spain
China boosts offer for WTO pact on government contracts: US
A Minute With: Director Nolan talks about "Inception"
India's TCS quarterly profit jumps 21 percent
China's first micro-winery wins plaudits
Acer, Asus and Lenovo lead pack as PC sales surge
South Korea unveils new measures to attract foreign tourists
Fresh strike hits Honda's parts plant in China
China's growth slows in second quarter
Japan's NTT to buy South African IT firm Dimension Data
Japan central bank raises growth forecast
Japan's Sanyo sells chip business to ON Semiconductor
China's Geely chairman to head up Volvo Cars
Lindsay Lohan reported in rehab ahead of jail term |
Singer Robbie Williams to rejoin Take That |
Katy Perry fends off Eminem on U.S. singles chart |
A Minute With: Director Nolan talks about Inception |
27 killed in Iran twin suicide mosque bombings
Iran scientist was longtime informant
Putin takes Van Damme to ultimate fighting match
What This Chinese Hacker Could Teach Apple
Iran scientist was longtime informant: report |
At least 21 killed in Iran suicide attacks
More than 20 killed, 100 wounded in Iran blasts
2 US troops killed by bomb blast in Afghanistan
Obama's daughter to attend summer camp
NATO launches Afghan intelligence-sharing drive |
Europe woes and iPhone surge to hit handset vendors
Apple to hold press conference on iPhone 4
June Earth's hottest ever: US monitors
At least 21 killed in Iran suicide attacks |
Google shares down as results fall short
No oil flowing into Gulf as test starts: BP
Afghan health team abducted; local official killed
Apple faces music on iPhone flaw but recall unlikely
Fire kills at least 40 in northern Iraq city |
Discovery says infringement case v Amazon not new
Chavez communes stoke Venezuela democracy debate |
China hospital refuses to treat woman with HIV
Striking workers at Honda China supplier demand apology |
Still plenty of demand for iPad: survey
Malaysia seizes endangered reptiles
Penthouse owner makes $210 million bid for Playboy
Philippine power restored after typhoon rampage
Three dead in Mexico in drug cartel attack |
All Blacks gear for 'huge' Springboks battle
Australia set for poll focused on economy: report |
NY lawyer in terrorism case gets 10 year sentence
Fidel Castro, out of seclusion, appears again |
Philippines charges former minister with graft
Global Weather-Celsius
N.Korea builds 'shrine' to leader's likely successor
Mistake to free Lockerbie bomber: British ambassador
Australian PM poised to call August 28 election
Celebrities Who Make Music
Australia set for poll focused on economy
The 10 Richest Presidents
Mine managers detained over toxic China spill
What This Chinese Hacker Could Teach Apple
Ancient species discovered in Barrier Reef depths
Primetime TV shows to get racier after court ruling
"Winter's Bone" star cast in "X-Men: First Class"
Smartphones boost Sony Ericsson Q2 |
The World's Most Fabulous, Most Affordable Wedding Gowns
Europe woes and iPhone surge to hit handset vendors |
The World's Happiest Countries
S.Korea sees smaller deficit in 2010 on recovery
Taiwan stocks join regional falls; techs slip
Luxury Clothes For Kids
Seoul shares fall led by Hynix, LG Display
World's Weirdest Diets
Malaysia cuts subsidies in surprise move
Google profit misses as expenses surge |
Don't shun Euro, French PM tells Japan investors
PAKISTAN
Dollar weak on poor US data
S.Korea Honam to buy Malaysia Titan for $1.27 bln
Toyota to build third plant in Brazil
AIG Taiwan unit buyers make more concessions-paper
Lindsay Lohan reported in rehab ahead of jail term |
Mel Gibson custody battle back in LA court |
Michigan pair convicted in John Stamos extortion plot |
TV personality Erin Andrews sues Marriott hotels |
Primetime TV shows to get racier after court ruling |
Inception dreams up big box office despite doubts |
Winter's Bone star cast in X-Men: First Class |
Country composer, performer Hank Cochran dies |
Penthouse owner offers $210 million for Playboy |
Turkey reopening ancient Armenian church to heal wounds
Hundreds drown in Russia heatwave
Foreigners among 30 dead in Iraq hotel blaze
Smartphones boost Sony Ericsson Q2, sees more growth
'Yorkshire Ripper' must die behind bars: court
Goldman Sachs agrees record $550m fine
Electronic Arts exiting France's Ubisoft
Four Americans among dozens killed in Iraq hotel fire
Hotel fire kills 30 in Iraq's Kurdish north
Italy sweltering in major heatwave
Women priests and sex abuse not equal crimes: Vatican |
Scientists devise guide to the perfect handshake
Lebanon arrests third 'telecom spy'
Blast in Pakistan's Khyber kills eight: official |
NATO airstrike kills Taliban commander, police say
Smartphones boost Sony Ericsson Q2, sees more growth
EU judges bar extradition of Kosovo man to U.S. |
NATO airstrike kills Taliban commander in north
U.S. urges Thailand to end emergency rule |
Chavez communes stoke Venezuela democracy debate |
Indonesia pledges forests for orangutan conservation
Heavy rains, floods kill 24 in Yemen and Saudi |
Germany's Merkel urges China to open up markets
Pakistan market bomb kills 10
Iranian scientist was CIA asset for years: NYT
Pakistan blames India for lack of progress in talks
At least eight dead as heavy rains lash Japan
Londonderry named first city of culture
Thai customs make million-dollar ivory seizure
Robbie Williams rejoins British band Take That
N.Zealand inventors unveil bionic legs for paraplegics
Pakistani stocks end up; rupee flat; o/n rates down
Dollar touches year-low against yen
Apple faces music on iPhone flaw but recall unlikely |
Sony Ericsson reports profits bounce
Electronic Arts exiting France's Ubisoft |
Pakistan needs rate rise to fight inflation-economists
Daimler in truck deal with China's Foton
Pakistan's FY09/10 c/a deficit narrows to $3.507 bln
Half of social networkers worried about privacy: poll |
Indonesia overturns Tommy Suharto ruling
S.Korea apartment prices post 1st weekly fall in 16 mths
Pakistani cbank buys 8 bln rupees of govt paper
George Clooney testifies in Milan fashion fraud case |
Pink rushed to hospital as stunt fails |
Amy Winehouse eyes new album in early 2011 |
Greece at new risk of being pushed off euro
Bodies of missing Tenn. mom, Jo Ann Bain, and daughter found
Female Breasts Are Bigger Than Ever
AMD Trinity Accelerated Processing Units Now in Volume Production
The Avengers (2012 film), made the second biggest opening- and single-day gross of all-time
AMD to Start Production of piledriver
Ivy Bridge Quad-Core, Four-Thread Desktop CPUs
Islamists Protest Lady Gaga's Concert in Indonesia
Japan Successfully Broadcasts an 8K Signal Over the Air
ECB boosts loans to 1 trillion Euro to stop credit crunch
Egypt : Mohammed Morsi won with 52 percent
What do you call 100,000 Frenchmen with their hands up
AMD Launches AMD Embedded R-Series APU Platform
Fed Should not Ignore Emerging Market Crisis
Fed casts shadow over India, emerging markets
Why are Chinese tourists so rude? A few insights

USD EUR - 1 year graph	VPN on MacOSX	BlogMeter 1.01