Behind Pwn2Own: Exclusive Interview With Charlie Miller

[Guest]

You’ve probably seen the headlines: “Pwn2Own 2008: MacBook Air hacked in 2 minutes” or “Pwn2Own 2009: Safari/MacBook falls in seconds.” But there’s a story behind every headline and who better to get it from than Charlie Miller, the man behind the buzz.

Behind Pwn2Own: Exclusive Interview With Charlie Miller : Read more

 

[crisisavatar]

he was born to kill

 

[Niva]

Blah, sad he didn't give an estimate to linux security. He said it has some method of protection but didn't expand on that much...

As osx market share grows we'll see more exploits.

 

[Silluete]

Interesting thing about sandboxing, it's mean chrome more safe than other browser? or i missing something here?

 

[lire210]

whats up mac

 

[pcfxer]

Chrome uses processes instead of threads. The difference is that the memory space for each process is different--better sandboxing.

Processes have increased headroom: they are making a copy of local variables and structures at the time of "forking".

Threads "fork off" as functional code and work with their own memory space... in a nutshell.

Sandboxing doesn't mean that Chrome is safer, it does mean that if sandboxing is implemented correctly Chrome CAN be safer. Security is so relative 😉.

 

[AlanDang]

Exactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?

 

[echdskech]

[citation][nom]AlanDang[/nom]Exactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?count me in A[/citation]

Count me in. Come to think of it, I spend more time on my browser than any other piece of software (except the OS ofcourse) at any given day. primarily because I use it both at work for research and for play (ie reading articles here). Also, trend these days seem indicate it becoming more and more a target rather than the OS.

Would be extra nice if the level of detail would be like the articles you guys write when a new cpu architecture is discussed. =)

 

[anthony lackey]

There is less ppl attacking Mac's because they aren't the mainstream. Hackers would rather try to infect as many ppl as possible thats why they target PC users.

 

[Guest]

If Apple does not allow cloning mac os may be safe for a long while, nobody likes to be tied to a single hardware vender. I really don't see how Apple could pull more that 15% to 18% market share without clones. JMO.

 

[dedhorse]

Good interview. Makes up for that Mac review.

 

[zodiacfml]

count me in. i've been using chrome since it came out.
though, in my usage, they haven't fixed the issue with auto-hide taskbar in vista.

 

[eddieroolz]

Great read, nice article Alan!

 

[4c1dr41n1]

What if I use a virtual machine? I could

1) copy it, open it, surf the web, close it, delete the copy.
2) copy it again, open it, use internet bank, close it, delete copy again.

Nice enough sandboxing?

 

[Herbert_HA]

It's a very nice article, indeed.

But please, stop using so many pages! It's a pain in the ass to keep clicking every 2 questions...and that was an small article, other have more than 10 pages, unnecessarily. I guess you people are trying to keep access numbers up, so you could sell more ads, but it's surely not user-friendly to have to load the same content over and over.

 

[4c1dr41n4]

What if I use a virtual machine? I could

1) copy it, open it, surf the web, close it, delete copy.
2) copy again, open it, use internet banking, close it, delete copy again.

Nice enough sandboxing?

 

[nukemaster]

[citation][nom]4c1dr41n4[/nom]What if I use a virtual machine? I could1) copy it, open it, surf the web, close it, delete copy. 2) copy again, open it, use internet banking, close it, delete copy again.Nice enough sandboxing?[/citation]
In that case, just mount a live linux CD image in the drive then use it. always clean, no need to del + copy.

 

[Guest]

Miller, page 4: "In neither case did I get root/admin access."

In other words, he actually didn't hack the Mac.

What in the world is this fraud? How can you say you 'pwned' a computer without root access?

 

[TheFuzzball]

God help us when Conficker becomes cross-platform 😀

 

[Guest]

I wish there was more Charlie's voice in this interview. Now Alan did the most of the talking and Charlie basically had to say yes or no. At least in the most important topics.

Nice reading, but not perfect.

 

[Guest]

It's a little upsetting that he sidesteps the issue of linux on the grounds of granny's incompetence, does he expect granny to stay on top of vulnerabilities in all of her installed software on the windows or mac boxes, assuming she'd need more third party software sources on either of the other platforms than say ubuntu with it's repositories.

 

[yang]

the thing with mac is nobody actually feel like its worth the time of hacking the system. I mean what large companies out there do you actually see that use mac to store their security files? In the end, it all comes down to which would benefit the most to a hacker. hacking a PC or a mac

 

[Spathi]

Linux, OpenBSD, Debian and Debian derivatives like Ubuntu all have nasty bugs... like packets and memory not being zeroed... So you could have data traveling off your computer on the ends of packets that does not belong to the packet... and that data could be personal or can be used to crack encrypted packets. To make Linux secure enough you really have to know what you are doing and compile it yourself... too much work for granny

Linux also puts a 'do not fragment bit' on some fragmented packets... which is a cause of some packet loss problems on the internet as OpenBSD drops them. Many routers have some form of Linux and many companies have an OpenBSD based firewall. Maybe it is fixed, but I doubt it.

 

[Guest]

This is a total joke, as is pwn2own, they totally ignored Opera, which has a unbeatable track record on secuirty, and also has NX and ASLR in it's latest release (9.64).

I can only assume it was "too secure" for their testing...

 

[kdick]

The comment about his Grandma couldn't run Linux either was a very poor joke or really, really ignorant. His Grandma could run most modern Linux distributions just as well as she could run a Windows or Mac installation.

Granted, she might have a devil of a time configuring a Linux installation, but that ought to be distinguished from *running* the installation. I've seen numerous accounts of people setting up a computer running Linux for their parent or grandparent after years of being constantly hassled by the parent or grandparent to keep fixing their Windows box. In all the accounts I've seen, the parent or grandparent then went on to use Linux happily and had no further trouble requiring frequent offspring technical support.

Using Linux isn't difficult. Currently, you sometimes run into hard problems setting up a Linux system. But once it is set up, it requires much less support, and is just as easy to use in day to day work as any other system.