funsec mailing list archives

Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs

From: Joel Esler <joel.esler () me com>
Date: Sat, 27 Mar 2010 08:19:30 -0400

Apple does too.  Ever read the security vulnerabilities for the "Credit" line?  Look how many say "Apple".  A bunch.

Perhaps they just aren't looking the same places as Charlie.  That's all.  You know, they only have access to the 
multiple millions lines of code they maintain for all their products...

J

On Mar 27, 2010, at 7:58 AM, Larry Seltzer wrote:

I wrote about this myself a little while ago:
http://blogs.pcmag.com/securitywatch/2009/12/does_microsoft_look_for_vul
ner.php

Microsoft puts a lot of effort into security research for products under
development. But once the product ships they stop looking. Alex Sotirov
pointed out that Microsoft's customers, by paying iDefense and
TippingPoint and the like, end up paying for research Microsoft should
be doing. Perhaps Microsoft is also a customer of these companies, I
don't know. 

LJS

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org]
On Behalf Of Juha-Matti Laurio
Sent: Saturday, March 27, 2010 7:24 AM
To: funsec () linuxbox org
Subject: [funsec] Miller, Pwn2Own's winner tells Apple, Microsoft to
find their own bugs

http://www.computerworld.com/s/article/9174120/Pwn2Own_winner_tells_Appl
e_Microsoft_to_find_their_own_bugs

"The only researcher to "three-peat" at the Pwn2Own hacking contest said
today that security is
such a "broken record" that he won't hand over 20 vulnerabilities he's
found in Apple's,
Adobe's and Microsoft's software.

Instead Charlie Miller will show the vendors how to find the bugs
themselves.

Miller, who yesterday exploited Safari on a MacBook Pro notebook running
Snow Leopard to win $10,000 in the hacking challenge,
said he's tired of the lack of progress in security. "We find a bug,
they patch it," said Miller.
"We find another bug, they patch it. That doesn't improve the security
of the product."

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


--
Joel Esler
http://blog.joelesler.net


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Juha-Matti Laurio (Mar 27)
- Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
  - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
    - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
    - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
    - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Charles Miller (Mar 27)
    - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Joel Esler (Mar 27)
    - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs Larry Seltzer (Mar 27)
  - Re: Miller, Pwn2Own's winner tells Apple, Microsoft to find their own bugs disco jonny (Mar 28)