[Infowarrior] - Pwn2Own winner tells Apple, Microsoft to find their own bugs
Richard Forno
rforno at infowarrior.org
Thu Mar 25 20:25:14 UTC 2010
Pwn2Own winner tells Apple, Microsoft to find their own bugs.
Charlie Miller won't hand over 20 flaws he found by fuzzing Mac OS,
Office, Adobe Reader
By Gregg Keizer
March 25, 2010
What really disappointed Miller was how easy it was to find these
bugs. "Maybe some will say I'm bragging about finding the bugs, that I
can kick ass, but I wasn't that smart. I did the trivial work and I
still found bugs."
He went into the project figuring that he wouldn't find any
vulnerabilities with the dumb fuzzer. "But I found bugs, lots of bugs.
That was both surprising and disappointing." And it also made him ask
why vendors like Microsoft, Apple and Adobe, which have teams of
security engineers and scores of machines running fuzzers looking for
flaws, hadn't found these bugs long ago.
One researcher with three computers shouldn't be able to beat the
efforts of entire teams, Miller argued. "It doesn't mean that they
don't do [fuzzing], but that they don't do it very well."
http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Apple_Microsoft_to_find_their_own_bugs?