Pwn2Own Winner to Share Hacking Techniques with Apple


Security research specialist Charlie Miller isn’t planning on sharing the exploits he found in Apple’s Safari Web browser to hack a MacBook in the CanSecWest Pwn2Own contest. Instead, he plans to share his techniques with the company so they can improve product security, according to ZDNet.

Mr. Miller used a technique called “fuzzing” to look for potential flaws in applications ahead of the event and uncovered several in Safari along with some in Adobe and Microsoft applications. “I’m one guy working out of my house. I shouldn’t be able to find bugs like these, ever,” he said.

Instead of turning over his exploits to the companies, however, Mr. Miller plans to show them how they can uncover the same flaws.

The companies, and end users, won’t have to worry about Mr. Miller’s work falling into the wrong hands. He doesn’t plan to release the information to the public, and TippingPoint Zero Day Initiative will handle getting the data to Apple, Adobe and Microsoft.

Jeff Gamet


Jeff is the Mac Observer's Managing Editor, and co-host of the Apple Context Machine podcast. He is the author of "The Designer's Guide to Mac OS X" from Peachpit Press, and writes for several design-related publications. Jeff has presented at events such as Macworld Expo, the RSA Conference, and the Mac Computer Expo. In all his spare time, he also co-hosts the We Have Communicators podcast, and makes guest appearances on several other podcasts, too. Jeff dreams in HD.


1 Comment

AlaskaBoy

Sounds like the ‘company’ should be eagerly hiring him (or anyone) as a part-time ‘hacking’ consultant.  If the man can produce proof of the flaws in the program’s security, pay him.  If not, throw the bum out.  Am I missing something here?
