Linked by Thom Holwerda on Thu 19th Mar 2009 06:44 UTC, submitted by Moulinneuf
Privacy, Security, Encryption
As he had already predicted, cracker Charlie Miller has won the PWN2OWN contest by cracking Safari and Mac OS X within seconds of the start of the competition. "It took a couple of seconds. They clicked on the link and I took control of the machine," Miller said after his accomplishment. He took home the USD 10000 prize, as well as the MacBook he performed the exploit on. Internet Explorer 8 fell a while later to cracker Nils, who also cracked Safari and Firefox after being done with IE8.
Thread beginning with comment 353871
RE[2]: Money
by kragil on Thu 19th Mar 2009 09:50 UTC in reply to "RE: Money"
kragil Member since: 2006-01-04

I call BS.

I attended the Chaos Communication Congress in Berlin a few times and talked to people who exploit systems for a living, and they say if you want to be really safe you have to use a system with little marketshare and with great security.

That is why in the real world you are way way more secure running a Linux distro with SELinux enabled throughout (like Fedora) or AppArmor, Smack etc. Or maybe even better OpenBSD (similar security, even less marketshare).

Edited 2009-03-19 09:51 UTC

Score: 1

RE[3]: Money
by sakeniwefu on Thu 19th Mar 2009 15:52 in reply to "RE[2]: Money"
sakeniwefu Member since: 2008-02-26


> That is why in the real world you are way way more secure running a Linux distro with SELinux enabled throughout (like Fedora) or AppArmor, Smack etc. Or maybe even better OpenBSD (similar security, even less marketshare)


That is true (only marketshare has nothing to do with it as long as you don't use Windows), but most people get carried away by benchmarks. OpenBSD won't ever compare favorably to Windows or vanilla Linux in benchmarks. And people want their games and browsers and videos at 3000 fps.

If you want your OS to be used, you cannot start putting canaries in your stack, making allocations with byte granularity and randomizing the positions of everything.

Linux has gotten a bit better lately, and there is SELinux (ahem), but I don't see a default Ubuntu installation ever including half of it.

As long as you can more or less follow an introduction to Hacking tutorial with your OS it means it is insecure as hell and you are just lucky not to have been targeted yet.

Score: 2