Security & Privacy

Infosec Island has published an interview with Charlie Miller, well-known Mac security specialist, who, for the third time in a row, hacked an Apple device at the Pwn2Own contest. Miller discusses Mac OS X and iOS security issues, and gives some insight into some of the new security standards that Apple has been adopting.

While the article is heavy on acronyms (DEP, ASLR, ROP), Miller points out how some security features, such as ASLR (address space layout randomization) can make the work of hackers and malware writers much more complicated.

Regarding the Pwn2Own contest, which some may see as simply a stunt, Miller says:

I really like the concept of Pwn2Own. It gives researchers a chance to demonstrate their skills and make some money. Since all the bugs are reported, it also gets patches produced which reduce the number of bugs in the products we all use. I really think it’s a win-win for everyone.