Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption
As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later to cracker Nils, who also cracked Safari and Firefox after being done with IE8.
RE: Sad to say
by werpu on Thu 19th Mar 2009 09:19 UTC in reply to "Sad to say"

I'm not surprised that it has happened; Apple hasn't seemed to learn a single thing; they introduce garbage collection with Objective-C and yet none of the components of Mac OS X use it, they introduce ASLR and again very few components use it.

You forgot one thing: the components of OS X are way older than the GC in Objective-C, and they are proven, well-running code. So why change them just to get a speed hit introduced by GC...
GC does not do a single thing to improve security, btw... it only makes programs more stable to some degree by taking over the memory freeing.
The biggest thing to add security is to add strings which have clear boundaries to a language. One of the reasons why C-based programs are so inherently insecure is their handling of strings as glorified pointers. Sure, there are routines for string copying which prevent the buffer overflow issues introduced by such data structures, but languages like Pascal, Modula and others didn't have them in the first place...
GC does not help there either. Don't get me wrong, I am a huge fan of GC; I use it on a day-to-day basis and have been using it for more than a decade, but blaming Apple for not moving old legacy code over to new GC at a time the legacy code is stable and runs well is idiotic!

Reply Parent Score: 3
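The "strings with clear boundaries" idea from the comment above, sketched in C as an added example (not part of the comment or the original page). The names `bstr`, `BSTR_CAP`, `bstr_set` and `bstr_append` are hypothetical; the point is that the length travels with the data, so every copy can be checked and refused instead of overflowing.

```c
#include <stdio.h>
#include <string.h>

#define BSTR_CAP 16            /* constructed capacity for the demo */

/* Pascal-style string: the length is stored next to the bytes.
   Invariant: len <= BSTR_CAP. */
typedef struct {
    size_t len;                /* bytes currently in use */
    char   data[BSTR_CAP];     /* not NUL-terminated */
} bstr;

/* Copy n bytes into s. Returns 0 on success, -1 if they do not fit.
   On failure s is unchanged and nothing is written out of bounds. */
int bstr_set(bstr *s, const char *src, size_t n)
{
    if (n > BSTR_CAP)
        return -1;
    memcpy(s->data, src, n);
    s->len = n;
    return 0;
}

/* Append b to a. The check is a subtraction so that
   a->len + b->len can never wrap around. */
int bstr_append(bstr *a, const bstr *b)
{
    if (b->len > BSTR_CAP - a->len)
        return -1;
    memcpy(a->data + a->len, b->data, b->len);
    a->len += b->len;
    return 0;
}

int main(void)
{
    bstr s = { 0 }, t = { 0 };
    const char *big = "this input is longer than sixteen bytes"; /* constructed */

    /* With a bare char[16] and strcpy(), this copy would run past the buffer. */
    int r = bstr_set(&s, big, strlen(big));
    printf("oversized set: %d (len %zu)\n", r, s.len);

    bstr_set(&s, "hello, ", 7);
    bstr_set(&t, "world", 5);
    r = bstr_append(&s, &t);
    printf("append:        %d (len %zu)\n", r, s.len);
    r = bstr_append(&s, &t);   /* 12 + 5 > 16, so this is refused */
    printf("append again:  %d (len %zu)\n", r, s.len);
    return 0;
}
```
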