Apple fanbois, you better buckle up, cause when the anti-Apple crew gets a hold of this little titbit from Charlie Miller, they might mock your choice of being a Mac user just a little bit.
Italian IT Security site, oneITsecurity, published an interview with Charlie Miller, two-year contest champion at Pwn2Own where the deal is to find exploitable bugs in browsers, mobile devices etc. Charlie is one of the most famous bug hunters and security experts in the world.
When asked which operating system he finds it harder to hack, Windows 7 or Snow Leopard, he says:
Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.
So what does Charlie believe is the safest combination of operating systems and browsers? He says:
That’s a good question. Chrome or IE8 on Windows 7 with no Flash installed. There probably isn’t enough difference between the browsers to get worked up about. The main thing is not to install Flash!
I see a pattern here. It seems Charlie doesn’t think Flash is very secure… he doesn’t say anything about Flash being old technology though, that’s Steve Jobs’ job, I guess.
Take a trip over to oneITsecurity and read the complete interview.
The next Pwn2Own contest/conference is held in Vancouver on March 24st and last for three days.