Comments on: How I found the Safari exploit

By: mike

mike — Tue, 29 Jun 2010 11:02:33 +0000

How can I access data form the iframe in IE8?
Thanks.

By: Gareth Heyes

Gareth Heyes — Thu, 06 Sep 2007 16:39:59 +0000

No problem Dhubh I might do a few more posts in future like this. Glad it helped, if you like this sort of thing I’d check out my friend Ronald’s site, he has all sort of exploits on there:-
Ronalds site

By: Dhubh

Dhubh — Thu, 06 Sep 2007 16:33:18 +0000

Thank you for the in depth post explaining not just what you did, but why you did things. I really hope that more security blogger start making posts like this because it adds so much more to the learning value.

By: Gareth Heyes

Gareth Heyes — Thu, 06 Sep 2007 07:24:48 +0000

Hi David

I’ve not heard from the guy at Apple, maybe he’s very busy at the moment

Apple just sent me back an official reply, like Thank you for reporting our engineers are looking into it blah blah.

By: David Coallier

David Coallier — Thu, 06 Sep 2007 00:39:12 +0000

Well sorry to see you removed your blog from planetPHP, despite some differents, I like reading your blog. Anyways, this article is fun what did the Apple people say after all ?

By: Gareth Heyes

Gareth Heyes — Wed, 05 Sep 2007 15:33:51 +0000

@buherator

Thank you very much for the translation and I have no problem with you republishing it. I want to help people learn.

By: buherator

buherator — Wed, 05 Sep 2007 15:28:42 +0000

I translated the article and put it on my blog (with your name and links attached of course). I hope you don’t mind!

http://buhera.blog.hu/2007/09/05/igy_kell_safarit_hackelni

Great job, especially because of the explanation of how a hacker thinks. I will recommend it to all the wannabes I’ll meet!

By: Gareth Heyes

Gareth Heyes — Wed, 05 Sep 2007 13:04:53 +0000

Yep I’m not going to allow future comments from Jani or David Rodger, in fact anyone with stupid comments can now consider themselves censored. In fact stupid commentors just don’t visit my blog.

I’m going to remove my site from planet php, so these stupid people can have their wish I don’t care.

It is very sad that a lot of people ruin things for the rest of us. I’m really glad you kept your site going.

By: Ronald

Ronald — Wed, 05 Sep 2007 12:54:30 +0000

Yes indeed, I hoped most commentors were a bit responsible but I was wrong. I know some other high profile bloggers (you know them also) who also were on the brink of shutting it down only because of this stuff. It’s totally disrespectful sometimes. What does planet PHP has anything to do with it, they feed you and not the other way around.
Many think I shut it down because i can’t handle a couple of corrections, but that isn’t true. if I’m wrong I post it on my blog and tells who told me why I was wrong.

I had a anonymous reader who really helped me to understand the concept of heap spraying and he corrected my mistakes instead of firing live ammo at me, so that’s what up. I think we put up too much which such commentors, where do they feel the right to fire such rants? I think we make it them too easy to rant, and yes e-mail works fine now I only get constructive information back and zero rants.

But in the end it is sad when you gave it all, all your time to write some cool post or paper and it gets little or no attention and attracts only flies

But I was lucky that tons of “silent” readers send me long emails when I shut the site down some time ago, that was the reason I came back, otherwise I would have stopped.

By: Gareth Heyes

Gareth Heyes — Wed, 05 Sep 2007 12:39:11 +0000

Ronald I was gutted you switched off your comments. Now I can understand why.