冰灵博客

For the longest time in hacker folklore Internet Explorer and Microsoft Windows were the key targets and most exploitable while Macintosh and Safari were virtually ignored. But times they are a-changin’, roles are reversing, and Google’s Chrome comes out as a dark horse.

Researchers entering the Pwn2Own browser exploit contest at CanSecWest in Vancouver delivered bad news to all three major Web browsers. IE, Safari, and Firefox were all cracked, leaving Google’s Chrome unbroken. When the researchers took a crack at smartphones like the iPhone, Blackberry, and Android, they also fell short.
But the bigger news is the insight Charlie Miller, a security researcher for Independent Security Evaluators who cracked a fully patched MacBook Air through Safari, gave ZDNet in an interview. Miller labeled Mac OS as the easiest of the bunch to exploit while naming Firefox on Windows machines one of the most difficult, and Chrome as almost impossible.

The difficulty Chrome presents, said Miller, is a reason why hackers, especially those in the contest, largely ignore it. Google’s browser is just too much work.

“There are bugs in Chrome but they’re very hard to exploit,” he explained. “I have a Chrome vulnerability right now but I don’t know how to exploit it.  It’s really hard.  The’ve [sic] got that sandbox model that’s hard to get out of… I might have this bug and I might be able to get code execution.  But now you’r ein [sic] a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits.  That raises the bar. “

On the other hand, Mac OS is the easiest, and with rising popularity of Apple machines, it becomes a more attractive target. Over the decades, the sheer ubiquity of Windows machines made Microsoft the biggest target, leaving Mac machines virtually ignored by the hacker community.

Miller suggests it’s the operating system more than the browser these days, and the folks at Microsoft have made it very difficult to exploit Windows via anti-exploit mitigations and randomization, “two hurdles” lacking on Macs.

While Firefox is just slightly more difficult to exploit than IE 8, in Miller’s estimation, the killer combination is Firefox on Windows. “It’s really hard to exploit Firefox on Windows,” he said. “For all the browsers on operating systems, the hardest target is Firefox on Windows.  With Firefox on Mac OS X, you can do whatever you want.  There’s nothing in the Mac operating system that will stop you.”

When I want to search for images, the first place to look for that comes to my mind is Google Image Search. It does lack a few features, but I still use it for all my image-searching needs.

To get a direct link for any image in Google Image Search, you have to first click the image and get the direct link from the website page where that image belongs to. But thanks to a Greasemonkey script, getting a direct link is much easier now.

Google Direct Image Links is a Greasemonkey script that adds a link to the direct URL of the image above every search result in Google Image Search.

This is a very useful script for people (like me) who use Google Image Search very often. No need to open the image page first just to get the direct link. You can copy it directly from the results page.

Download the script from the link given below.

Download Google Direct Image Links script