Safari hacker talks security
We recently discussed the PWN2OWN competition at this year’s CanSecWest security contest, but if you’re looking to really dig deep into matters of security, you’ll want to check out this interview over at Tom’s Hardware with contest winner Charlie Miller.
Miller—a former NSA employee—is the security researcher who exploited a bug in Safari within a matter of moments (for the second year in a row), but as he points out in the interview, this belies all the time he spent researching and testing in the months beforehand.
It only looks Hollywood because you don’t see the hard work in the preparation. If you set me down in front of an application I’ve never seen before and told me I have 2 minutes to hack it, as is often the case in movies, I’d have no more luck than your grandma at accomplishing it. Well, maybe a little more of a chance, but not much!
It’s a fascinating read for anybody who’s interested in security. Miller also spends some time talking about what platform he’d recommend, and makes the excellent distinction between safety and security when it comes to your computing environment (for example, Miller says Macs are less secure—there are more vulnerabilities to exploit—but safer, because there are fewer actual exploits).
For those who were curious about the eventual fallout of the PWN2OWN competition, there’s a wrap-up over on Tipping Point’s site. In the end, Google’s Chrome was the only browser to remain unhacked (an apparent testament to its sandboxing architecture) and none of the mobile platforms, including the iPhone, were successfully compromised.