Friday, April 9, 2010

Charlie Miller on Pwn2Own, Mac Security, and Fuzzing

I recently interviewed Charlie Miller about Mac security for MacTech Magazine's podcast, MacTech Live. Charlie talked about fuzzing, a technique that can be used to find vulnerabilities in software. Using 5 lines of Python code, Charlie recently fuzzed PDFs for testing Adobe Reader and Apple Preview, and fuzzed PPTs for testing Microsoft PowerPoint and Impress, and found dozens of exploitable bugs (approximately 20 of which he was prepared to use at CanSecWest to remotely exploit Safari).

Charlie recently won the Mac prize at CanSecWest's Pwn2Own contest for the third year in a row by successfully executing a remote code exploit against Safari on a fully patched Mac.

Listen to or download the interview (19 minutes): MP3

If you enjoy the interview, you may also be interested in checking out:

For more from the JoshMeister on Security, please subscribe to the RSS feed or follow me on Twitter.

No comments:

Post a Comment

Comment moderation is enabled. (If you wish to contact Josh privately, you can leave a comment and ask that it not be published.)