With the Pwn2Own hacking contest<http://dvlabs.tippingpoint.com/blog/2010/02/15/pwn2own-2010>coming up at Vancouver's CanSecWest security conference later this month, Italian computer security blog OneITSecurity took some time to interview Charlie Miller<http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/>. Miller, in case you're not familiar, is a security expert who has won Pwn2Own two years running by hacking Apple's Safari browser with incredible speed. Safari isn't the only target -- this year, all major browsers and a selection of mobile operating systems will serve as Pwn2Own challenges - but it's fair to say that Miller knows a thing or two about keeping your browser secure.
Here are the highlights from Miller's interview: He thinks Windows 7 <http://www.downloadsquad.com/tag/Windows7/> will prove more secure than OS X Snow Leopard this year, in part because it doesn't have Java and Flash enabled by default. Windows' full ASLR (address space layout randomization) also gives it a security advantage. When asked what he thought would make the safest OS and browser combo, he opted for Chrome <http://www.downloadsquad.com/tag/Chrome/> or IE8 on Windows 7, with no Flash <http://www.downloadsquad.com/tag/Flash/>installed, although "there probably isn't enough difference between the browsers to get worked up about." For my money, the juiciest quote from the interview was "*The main thing is not to install Flash!*" On the mobile side, Miller guessed that the iPhone<http://www.downloadsquad.com/tag/iPhone/>3GS would be more easily exploitable than the Motorola Droid, mainly because the iPhone's been around longer, and has been subjected to more extensive security research. You can check out Miller's full answers (in English or Italian!) at OneITSecurity<http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/> . details http://www.downloadsquad.com/2010/03/02/reigning-pwn2own-champion-the-main-thing-is-not-to-install-fla/ Marcos Costa Feliciano - marcos.costa.felici...@gmail.com Adobe Flash Media Server Especialist Adobe Flash Media Server Certified -- Você recebeu esta mensagem porque está inscrito na lista "flexdev" Para enviar uma mensagem, envie um e-mail para flexdev@googlegroups.com Para sair da lista, envie um email em branco para flexdev-unsubscr...@googlegroups.com Mais opções estão disponíveis em http://groups.google.com/group/flexdev
