Pwn2Own 2009 Winner Charlie Miller Interviewed
crazipper writes "Tom's Hardware interviewed Charlie Miller, winner of this year's Pwn2Own contest and formerly with the NSA. He discusses the effort it took before the contest to be able to take down a MacBook within seconds, sandboxing, and the effectiveness of the NX bit and ASLR. His outlook on end-users protecting themselves against attacks? 'Users are at the mercy of the products they buy.'"
The difference it makes is that with OSS more people can sneak in malicious code without jeopardizing their careers. I always avoid unstable releases and especially nightlies.. but for stable releases "somebody" is reading through everything in the source tarball, right?
The kernel is always safe though of course due to extremely high profile.
And the sheer number of users who are trained to click OK at every dialog.
Which is half of the reason why UAC is, on the whole, a failure.
(The other half being that certain actions have too many prompts.)
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.
Pity that question wasn't earlier, I wouldn't have had to waste my time reading TFA. Nothing he said was particularly surprising and most of it had a fairly obvious bias.
# cat
Damn, my RAM is full of cats. MEOW!!