{"id":749,"date":"2009-03-23T13:52:17","date_gmt":"2009-03-23T12:52:17","guid":{"rendered":"http:\/\/blog.intego.com\/?p=749"},"modified":"2009-03-23T13:52:17","modified_gmt":"2009-03-23T12:52:17","slug":"interview-with-mac-hacker-charlie-miller","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/interview-with-mac-hacker-charlie-miller\/","title":{"rendered":"Interview with Mac Hacker Charlie Miller"},"content":{"rendered":"

Charlie Miller, the security researcher who recently hacked a Mac in ten seconds<\/a> (using an exploit he had developed over a period of several months prior to the hacking contest), answered some questions<\/a> from ZDNet’s Ryan Naraine. Miller explained a bit about how he works, about this type of hacking contest, and whether he has told Apple about the bug he exploited to win the contest. One comment to note:<\/p>\n

I never give up free bugs. I have a new campaign. It\u2019s called NO MORE FREE BUGS. Vulnerabilities have a market value so it makes no sense to work hard to find a bug, write an exploit and then give it away.\u00a0 Apple pays people to do the same job so we know there\u2019s value to this work. No more free bugs.\n<\/p><\/blockquote>\n

He discusses the “value” of bugs – ie, how much they can be sold for (but doesn’t say to whom he sells them), and claims that Apple’s Safari is quite easy to hack. As for why Google’s Chrome browser wasn’t hacked, Miller said:<\/p>\n

I didn\u2019t think anyone would get go after Chrome, IE or Firefox.\u00a0 It\u2019s all economics. It\u2019s only hard or easy compared to what someone would pay.\u00a0 If Pwn2Own offered $1 million per bug for Chrome, there would be a line of people here looking to bankrupt them.<\/p><\/blockquote>\n

Food for thought…<\/p>\n","protected":false},"excerpt":{"rendered":"

Charlie Miller, the security researcher who recently hacked a Mac in ten seconds (using an exploit he had developed over a period of several months prior to the hacking contest), answered some questions from ZDNet’s Ryan Naraine. Miller explained a bit about how he works, about this type of hacking contest, and whether he has […]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[7,13,11],"tags":[],"yoast_head":"\n\n\n\n\n\n\n\n\n\n\n\n\n\t\n\t\n\t\n