Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Permalink for comment 353857
To read all comments associated with this story, please click here.
by henrikmk on Thu 19th Mar 2009 08:43 UTC
Member since:

From the article above:

That fact highlights that, in reality, the platforms and browsers involved aren't targeted by a series of equal attacks. Instead, researchers arrive with exploits they hope to use against vulnerabilities they are aware of in specific platforms or browsers, but have not yet reported. Were they to report the exploits in advance, they would be patched by the vendor. There's no money in that, so the contest provides an incentive to report vulnerabilities.

If it's all so money motivated, perhaps Apple should simply pay Charlie Miller $500 every time he finds a valid security hole in an Apple application. Since he seems to be so good at it, they should take advantage of it. That would be cheaper for them than having headlines like this, which is likely to cost them a few Mac purchases (but not that many).

Edited 2009-03-19 08:44 UTC

Reply Score: 6