No. 1 Story
ACCC clears Optus to scrap HFC network and use NBN instead
The ACCC has cleared, provisionally, the proposed deal between Optus and NBN Co under which Optus is to be paid around $800m to shut down its HFC network and transfer customers onto the NBN. read more10-second PWN2OWN Safari crack based on a year-old bug
Stephen Withers
Monday, 23 March 2009 10:04
Page 1 of 5
Much has been made about the supposed speed with which a Mac running Safari was pwned in the PWN2OWN competition at last week's CanSecWest security conference. But it turns out that the crack was over a year in the making.As iTWire's Davey Winder pointed out, the apparent speed was neither here nor there. How long do you think it takes for an exploit delivered through a web page to do its stuff?
Nor was there any significance in the fact that Safari on Mac OS X was the first to fall. The order was determined by pulling entrants' names out of a hat. Miller was the first up, so it was only blind luck that stopped Internet Explorer and Windows from being the first to be pwned.
Firefox also went down in the first round of the competition.
But it's now come out that Miller discovered the Safari flaw that won him a MacBook and $5000 while he was preparing for last year's contest, which he also won.
Since there's only one major prize per platform, Miller kept the second bug up his sleeve.
"Last year, you could only win once so I saved the second bug," he told Kaspersky's Ryan Naraine. "Turns out, it was still there this year so I wrote another exploit and used it this year."
Is criticism of Miller justified? Please read on.
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
