Commenti a: Pwn2Own 2010: interview with Charlie Miller

Di: Theresa Richardt

Theresa Richardt — Mon, 20 Jun 2011 09:36:41 +0000

Great post. I was checking constantly this blog and I am impressed! Very useful information specifically the last part I care for such information much. I was seeking this certain info for a very long time. Thank you and best of luck.

Di: Oh For F's Sake

Oh For F's Sake — Sat, 19 Mar 2011 01:19:47 +0000

ActiveX hasn’t been a problem since IE4. Let me guess? Wikipedia? Firefox Forums? Urban Dictionary?

Don’t even speak of secunia either, they have no system as to how “serious” an exploit is. If I see another “A malicious website can look like a banking site” security report labeled SERIOUS. Hell all their exploits involve you:
A) Being stupid enough to enter personal information on a redirected site.
B) Being stupid enough to visit “unsecure sites” (i.e. pornographic) and give out personal information.
C) Being stupid enough to disable security precautions (yes, one of their exploits involves using a low browser security. It never triggered for me [and I think they had a message asking me to lower security so it would work])
D) Being stupid.

So obviously microsoft won’t bother, I mean… if you’re dumb enough to disable web browser security and get “infected” with bonzo buddy… you obviously shouldn’t be using a computer.

In other words, IE doesn’t have security holes. IT HAS USERS. Firefox is secure ONLY because it makes it very difficult to disable security, while IE lets you do it in a few clicks.

Now IE still isn’t into the whole “browser customization” market, I do believe… so Opera, Firefox, Chrome, w/e… they all support customization (and native Ad Blocking ). Hence I use Opera… but IE really is just as secure… unlike what you kiddies seem to think.

Di: Ruvann

Ruvann — Sun, 13 Mar 2011 15:06:35 +0000

I don’t get the internet explorer recommendation. Serious flaws were the sole reason for attacks last year that made, if i recall correctly, the german government asking people not to use IE until those flaws were fixed.
It was definitely no secret. That’s just one of the incidents i have heard of concerning weak seacurity in IE.

I’m no pro or anything but from all the many reports, i believe IE to be the last resort.
The only thing IE is useful for is using it once to download another browser

Di: Jdashn

Jdashn — Tue, 08 Mar 2011 22:13:54 +0000

If linux security is a myth why does he not go for breaking linux/FF than OSX/Safari? Wouldnt it be worth the bragging rights seeing as how it’s not been done at Pwn2Own before?

Di: Andrea

Andrea — Fri, 04 Feb 2011 11:08:45 +0000

It’s funny to see that the myth of Linux security has become so entrenched that people would contradict even the best security hackers to keep the myth alive.

Linux is nothing special, get over it.

Di: dc

dc — Wed, 14 Jul 2010 16:23:47 +0000

First off, people don’t know what they are talking about. ActiveX is not a “scripting language”, it is a code container that allows to run browser extensions. I agree that it is very unsafe if you have some untested 3rd party ActiveX installed, but still please have your terms straight.

As for JScript and ActiveX going away or not being supported on a Windows platform, I doubt that it will happen in the near future. The reasons? There are too many web sites and companies that rely their whole livelihood on those. Example would be Adobe Flash itself, which runs as an ActiveX component.

As for IE not being as safe and secure as FF or Chrome for instance, I would agree with it. The reason being is not because MS wrote a bad code for it but because there are way too many hackers targeting Microsoft. It’s that plain and simple.

As for the advice in this article not to use Flash and JScript in your browsers, I think it’s like saying, if you don’t want to get hurt stay in your basement. As you can imagine, that is not possible in today’s world, so everything has to be done in moderation and people should be educated about what to do and what not to do on the web.

Have a safe browsing!

Di: Pit London

Pit London — Thu, 22 Apr 2010 22:14:27 +0000

I use opera and firefox on win xp and is work fast and stabill i never use any IE i just dont trast becouse i seen to many trap things.i use as well linux ,i dont like really what come wrom M$.
ps. this is strange what saying charli millere or this is to much comersiall…….dont know???

Di: Kamilion

Kamilion — Tue, 06 Apr 2010 06:56:25 +0000

Sorry to come in late on this — but there’s one big thing missing: Every copy of IE8 I’ve seen in the field is filled with TOOLBARS! Sometimes SIX OR MORE! All the users I talked to dutifully carried whatever the website told them to do… (I just got another user today insisting that “vista security 2010″ was legit… *sigh*)

Di: LS

LS — Fri, 26 Mar 2010 23:54:10 +0000

No hacking contest is complete without Linux involved.
I’m sure this guy is biased because his job depends heavily on working with commercial software. He doesn’t want to look any less skillful by admitting he can’t hack Linux. Software is much like politics.

Di: EchoBravo

EchoBravo — Fri, 26 Mar 2010 18:34:11 +0000

/*No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. */

How about doing it on your own just for the bragging rights to be the first one do it Linux using Firefox. You already have the money. Talk is cheap. Make all those companies running servers and desktops be aware. Many governments and universities have switched to Linux desktop.