Pwn2Own Interview with Charlie Miller

March 2nd, 2010 admin

Charlie Miller, the Pwn2Own contest winner for two years in a row, gives his take on Internet security. Guess what — your Mac OS is no less vulnerable than its Microsoft Windows counterpart.

Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why?

Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk…


Originally posted on F-Secure

 