Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later by cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Thread beginning with comment 353846
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[3]: Sad to say
by Kroc on Thu 19th Mar 2009 08:08 UTC in reply to "RE[2]: Sad to say"
Member since:

A self-propagating Mac virus is not going to be very successful unless it can spread via other means than just the browser. It may enter via the browser, but going machine to machine is going to need to be more clever than that.

The patch for this flaw will be released, and this whole thing would have been nothing but one big ego-trip for the hacker, with no profound meaning.

Are we to expect to shower the grey-hats and white-hats with attention and prizes for every browser bug they find? No, finding and reporting browser bugs should be humble work, and many hackers are humble enough to do it this way, letting the vendor know early and giving them time to resolve the issue.

This competition is just to sensationalise and rile up the haters and the ignorant over a matter that should be handled much better.

-- PS. Both Webkit and Gecko are open source engines, if the guy weren't a pr!ck, then he would have filed the bugs and provided patches. This competition just waves money in front of hackers faces and says "Hey, don't contribute to the safety of everybody online, when you can have all this money, and your name splashed across the news for days!".

This is disrespectful to the end user, the person who we tend to forget, is the most important person in front of the computer.

Edited 2009-03-19 08:14 UTC

Reply Parent Score: 4

RE[4]: Sad to say
by oxygene on Thu 19th Mar 2009 09:30 in reply to "RE[3]: Sad to say"
oxygene Member since:

This is disrespectful to the end user, the person who we tend to forget, is the most important person in front of the computer.

Huh? "the most important person in front of the computer"?
Probably for companies that have to care about their market share. But for some random Joe Hacker?

Reply Parent Score: 1

RE[5]: Sad to say - I'm an end user
by jabbotts on Thu 19th Mar 2009 13:05 in reply to "RE[4]: Sad to say"
jabbotts Member since:

As a tech professional and an end user, I think things that benefit my computing experience are pretty important.

My grief with large software companies is not that they are successful but that they continue to make decisions in favor of the shareholders at the expense of the end user. A better balance between profits and product quality could be struck but that doesn't maximize shareholder equity payouts.

Apple has a vested interest in appearing invulnerable. It's BS marketing and company insecurity but the network stack bug that "didn't exist"... They braught in lawyers to silence the researchers that tried to report it. Then quietly a month later, a patch for the network stack and drivers apears in the osX Update utility. Microsoft also suffers from the idea that publicly announced bug counts are a discredit to marketing so it's more important to push blame on to third party developers rather than fix the OS flaw that the third party apps keep getting exploited through. Neither of these things benefits the end user.

As an end user, I want new features to benefit me rather than be purely to give the appearance of a new product we all have to upgrade too. As a technology professional, I want things that make my users computing life easier and safer. As a security professional specifically, I'd like nothing more than to work myself out of a job. My goal is to arrive at work and find out that there are no risks to mitigate or future risks to plan for because of end user education and product quality; luckily, I have many years of employment before that's likely to happen.

It's all about the end user; either myself or the people I support. (but yeah, it's sad that the end user is just a wallet to come of the biggest retailers)

Reply Parent Score: 5

RE[4]: Sad to say
by Soulbender on Thu 19th Mar 2009 11:50 in reply to "RE[3]: Sad to say"
Soulbender Member since:

This competition is just to sensationalise

On that we can agree. It even has an incredible lame name to prove it.

Reply Parent Score: 3