A few days before the CanSecWest security conference, an Italian web site, oneitsecurity, interviews Charlie Miller, Mac security expert, and former winner of the Pwn2Own hacking contest (and this year’s favorite). Miller is well known for having hacked Apple’s Safari browser in this contest, two years in a row. Discussing this year’s contest, he doesn’t seem as confident about breaking through Safari’s defenses:
Everything is my target at this point. I’d love to hack one of the mobile devices, but will probably end up on Safari again. I was the first to hack the iPhone and an Android device in the past, so I am comfortable with those two platforms, but its harder to exploit them. This year only one person can win per target, so my biggest obstacle will be making sure nobody beats me to the punch.
When asked which OS and browser combination is safest, Miller replied, “There probably isn’t enough difference between the browsers to get worked up about. The main thing is not to install Flash!” Flash has been strongly criticized of late for its security weaknesses, and Adobe has been slow to fix them.
Read the rest of the article for more about Miller’s hacking tools, and the different platforms he discusses.
