Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Permalink for comment 353872
To read all comments associated with this story, please click here.
RE[2]: Sad to say
by kaiwai on Thu 19th Mar 2009 09:51 UTC in reply to "RE: Sad to say"
kaiwai
Member since:
2005-07-06

I'm not surprised because they attacked the browser. Lame.

Browsers have to parse a near infinite combination of good and bad HTML, Javascript and many other formats. The browser is the biggest and most potential attack surface a hacker has to play with.

Seriously, cracking browsers is boring -- I wanted to see direct attacks against the OS and *then* see how well it stands up. Remember the Mac Mini that was left open to the net for 48 hours? 500'000 direct attacks, and not one successful.


Whether someone robs your house by getting through the front door or through one of the windows; to claim that it is 'boring' that they got through the window instead of breaking down your super re-enforced door is an attempt to ignore what just happened - you've just been robbed!

Apple has sandbox technology, why isn't Safari running in the sandbox which some of services run in? why doesn't Quicktime operate in the sandbox? again, Apple has the technology but they aren't taking advantage of it.

Reply Parent Score: 4