Safari hacker talks security

An interview with Charlie Miller, the security researcher who won the PWN2OWN hacking competition

We recently discussed the PWN2OWN competition at this year's CanSecWest security contest, but if you're looking to really dig deep into matters of security, you'll want to check out this interview over at Tom's Hardware with contest winner Charlie Miller.

Miller -- a former NSA employee -- is the security researcher who exploited a bug in Safari within a matter of moments (for the second year in a row), but as he points out in the interview, this belies all the time he spent researching and testing in the months beforehand.


"It only looks Hollywood because you don't see the hard work in the preparation. If you set me down in front of an application I've never seen before and told me I have 2 minutes to hack it, as is often the case in movies, I'd have no more luck than your grandma at accomplishing it. Well, maybe a little more of a chance, but not much!"

It's a fascinating read for anybody who's interested in security. Miller also spends some time talking about what platform he'd recommend, and makes the excellent distinction between safety and security when it comes to your computing environment (for example, Miller says Macs are less secure -- there are more vulnerabilities to exploit -- but safer, because there are fewer actual exploits).

For those who were curious about the eventual fallout of the PWN2OWN competition, there's a wrap-up over on TippingPoint's site. In the end, Google's Chrome was the only browser to remain unhacked (an apparent testament to its sandboxing architecture), and none of the mobile platforms, including the iPhone, were successfully compromised.

Macworld is an InfoWorld affiliate.

This story, "Safari hacker talks security," was originally published by Macworld.