Slashdot Mirror

← Back to Stories (view on slashdot.org)

Pwn2Own 2009 Winner Charlie Miller Interviewed

Posted by samzenpus on from the chief-hacker dept.

crazipper writes "Tom's Hardware interviewed Charlie Miller, winner of this year's Pwn2Own contest and formerly with the NSA. He discusses the effort it took before the contest to be able to take down a MacBook within seconds, sandboxing, and the effectiveness of the NX bit and ASLR. His outlook on end-users protecting themselves against attacks? 'Users are at the mercy of the products they buy.'"

3 of 160 comments (clear)

  1. He was sitting on the winning weakness by iminplaya · · Score: 5, Insightful

    since last year.

    A quote from another interview:

    "Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away."

    Who know what other goodies they have in store. But the browsers and the phones were hardly touched. The contestants are holding out for something better.

    --
    What?
  2. Re:Users are at the mercy of the products they buy by supernova_hq · · Score: 5, Insightful

    The same reason you can't sue an alarm company when someone breaks into your house.

    If your data is

    • Important: back it up
    • Sensitive: encrypt it
    • Not yours to lose: get insurance (good for companies)
  3. Re:NX and ASLR by Sycraft-fu · · Score: 5, Insightful

    ASLR is just more defense in depth. Real security, physical or virtual, comes from having multiple layers. While it is a nice theory to say "Well just make sure X is secure and nothing will ever get past it," that doesn't work in reality. Shit happens, your border security can fail. Thus real security comes in multiple levels. Not all of them are as critical or as effective as others, but they all help.

    ASLR is just another level. If you find a flaw in some software connected to the network, you now have an additional problem in terms of getting code to execute. Is it insurmountable? No, but it is just more shit to get around.

    The more levels of security you have, the less likely someone is to break through all of it, especially before you notice they are trying. Have a border firewall, and host based firewalls. Run a virus scanner on every computer. Enable execute disable on systems. Operate as a deprivileged user whenever possible and so on. The more you do, the more things there are to trip up an attacker. Don't say "Well we don't need this because we have this other thing."

    I see that most common with firewalls. People will have a network firewall and thus assume that host based firewalls aren't worth the trouble. Well, they are. What if something gets by the network firewall? Just because it isn't supposed to doesn't mean it won't happen. Maybe someone brings in an owned laptop, maybe there's a flaw in the firewall, maybe yo just set it up wrong. Whatever, point is have multiple security layers. Make it so that just because you got by the network firewall, doesn't mean you are in.

    So while I certainly wouldn't want to see a company rely on ASLR, as in say "No we don't need to fix that app bug, they can't exploit it since we randomize addresses," I do like it as another layer of defense. Not a magic bullet, but just that much harder to get in.