Best offers
- macbook pro ssd performance
- macbook pro ssd
- how big is 24 monitor
- pwn2own
- best ssd for macbook pro
- what is the best external hard drive to use with macbook
- better than macbook air
- ssd hard drive for macbook pro
- best monitor for a macbook pro
- best ssd drive for macbook pro
- ssd drive install macbook pro
- pwn2own mac
- should i upgrade my hard drive to ssd
- pwn2own charlie miller
- charlie miller toms hardware
Partners
The Games selection
adventure :
Ray
Adventure game, South Park style. Pick the way the story goes by picking an answer among those offered.
|
crazy :
Interactive Boogy
Pick one of the 3 songs, hit on the correct keys matching this boy's dance moves.
|
Sponsored links
- Email |
- Print |
- Comments (32) |
- Share
Alan: Does it make sense to store all of my personal data on a jump drive or SSD and plug-in/unplug the drive only when I need to access that data? Or is that just the action of paranoia with little benefit?
Charlie: Yea, you can do a lot of things like that if you’re really paranoid. I don’t think it’s worth the effort. If I exploit your browser and you don’t have your external drive plugged in, I can wait until you plug it in to steal your personal data.
Alan: You’ve won two Mac notebooks from Pwn2Own so far. Are you using either of those? What's the configuration of your primary system?
Charlie: I usually work on a pretty old MacBook that I've upgraded the hard drive on. Its been the computer that I had both times at Pwn2Own and its been in many countries with me like Korea, Japan, Australia, Malaysia, and of course, Canada. Hardware-wise, it’s pretty much stock--1.83 GHz Core Duo, 2 GB RAM. When I'm at home, I hook it up to a big 24" monitor. As for the winning notebooks, I only use my MacBook Air from last year when I’m doing a big fuzzing run or testing something. I don’t know what I’ll do with my new MacBook Pro, but I definitely won’t retire my trusty MacBook.
Alan: So, if you had to make a recommendation, Mac, PC, or Linux? Or do you find them to be equally (in)secure?
Charlie: I'll leave Linux out of the equation since I know my grandma couldn't run it. Between Mac and PC, I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.
Alan: Sure, the risk = threat x vulnerability x consequence concept. Macs have low threats but high vulnerability while Vista is the other way around. I recently switched to a Mac myself and wrote about it for Tom's Hardware (and had a lot of angry readers). Like you mentioned earlier, we want to support vendors with the most secure software, but it’s not easy to always figure out which software is the most secure and sometimes the real-world risk is lower with a vulnerable platform with fewer threats.
So for our readers, what are some tips for running a "secure" PC/Mac/Linux machine?
Charlie: For all OS's, make sure you keep your system up to date. That’s the best thing you can do. On a PC, I'd recommend running some AV software to help clean up when things go bad. Otherwise, just be smart, pay attention, and hope for the best. It is possible to really lock down your computer (running noscript for example) and make it safer, but in my opinion it’s not worth the trouble and the loss of functionality you experience.
Alan: Thank you for your time. One last question, who’s your pick for the NCAA tournament?
Charlie: I’m one of the few geeks who like sports. Even though it’ll never happen, I’ll go with my “local” team, Mizzou.
- 1 / 2
- Next
-
he was born to kill
Blah, sad he didn't give an estimate to linux security. He said it has some method of protection but didn't expand on that much...
As osx market share grows we'll see more exploits.
Interesting thing about sandboxing, it's mean chrome more safe than other browser? or i missing something here?
whats up mac
Chrome uses processes instead of threads. The difference is that the memory space for each process is different--better sandboxing.
.
Processes have increased headroom: they are making a copy of local variables and structures at the time of "forking".
Threads "fork off" as functional code and work with their own memory space... in a nutshell.
Sandboxing doesn't mean that Chrome is safer, it does mean that if sandboxing is implemented correctly Chrome CAN be safer. Security is so relative
Exactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?
Exactly, Chrome is currently safer than any other web browser on Windows Vista or Windows 7. We have an upcoming interview that talks a little bit more about this, but we haven't made plans on a dedicated article. Is that something people are interested in?count me in A
Count me in. Come to think of it, I spend more time on my browser than any other piece of software (except the OS ofcourse) at any given day. primarily because I use it both at work for research and for play (ie reading articles here). Also, trend these days seem indicate it becoming more and more a target rather than the OS.
Would be extra nice if the level of detail would be like the articles you guys write when a new cpu architecture is discussed. =)
There is less ppl attacking Mac's because they aren't the mainstream. Hackers would rather try to infect as many ppl as possible thats why they target PC users.
If Apple does not allow cloning mac os may be safe for a long while, nobody likes to be tied to a single hardware vender. I really don't see how Apple could pull more that 15% to 18% market share without clones. JMO.
Good interview. Makes up for that Mac review.
count me in.
i've been using chrome since it came out.
though, in my usage, they haven't fixed the issue with auto-hide taskbar in vista.
Great read, nice article Alan!
What if I use a virtual machine? I could
1) copy it, open it, surf the web, close it, delete the copy.
2) copy it again, open it, use internet bank, close it, delete copy again.
Nice enough sandboxing?
It's a very nice article, indeed.
But please, stop using so many pages! It's a pain in the ass to keep clicking every 2 questions...and that was an small article, other have more than 10 pages, unnecessarily. I guess you people are trying to keep access numbers up, so you could sell more ads, but it's surely not user-friendly to have to load the same content over and over.
What if I use a virtual machine? I could
1) copy it, open it, surf the web, close it, delete copy.
2) copy again, open it, use internet banking, close it, delete copy again.
Nice enough sandboxing?
What if I use a virtual machine? I could1) copy it, open it, surf the web, close it, delete copy. 2) copy again, open it, use internet banking, close it, delete copy again.Nice enough sandboxing?
In that case, just mount a live linux CD image in the drive then use it. always clean, no need to del + copy.
Miller, page 4: "In neither case did I get root/admin access."
In other words, he actually didn't hack the Mac.
What in the world is this fraud? How can you say you 'pwned' a computer without root access?
God help us when Conficker becomes cross-platform
I wish there was more Charlie's voice in this interview. Now Alan did the most of the talking and Charlie basically had to say yes or no. At least in the most important topics.
Nice reading, but not perfect.
It's a little upsetting that he sidesteps the issue of linux on the grounds of granny's incompetence, does he expect granny to stay on top of vulnerabilities in all of her installed software on the windows or mac boxes, assuming she'd need more third party software sources on either of the other platforms than say ubuntu with it's repositories.