Hacker educating Microsoft and Apple

The three time repeat hacking contest winner;Charlie Miller, of the annual Pwn2own contest is tired of the way that computer industry companies tries to fix it flaws and bugs. That is why he won't tell Microsoft, Apple and Adobe about the 20 flaws and vulnerabilities it has in its software. Instead he will show and teach them how to find the bugs themselves. He recently just won $10,000 in the hacking challenge and has been the winner the past 3 years.

He states that he wants change and says that he is tired of the lack of progress in software security. He talks about companies making patches here and there,which makes the software perform better but its doesn't improve the security of the product. Miller finds the mistakes of the software by using what is called a "dumb fuzzer", a tool that automatically looks for flaws in software by inserting data to see where the program fails. Miller found vulnerabilities in Apples Mac OS 10.6 and safari browser, Microsoft's PowerPoint presentation maker and in Adobe's PDF viewer and Reader.

PC World Article

Miller demonstrated how he came to finding the bugs in front of Microsoft,Apple and other vendors in hopes that the companies would listen and improve of their security standards. He knows he might seem like a bad guy in some peoples eyes but he wants them to take initiative and do more fuzzing to improve on security. Maybe this the way to put the pressure on companies to do so.

No Plug in Required

There is a new video player out for the web. HTML 5 is now available on Vimeo and YouTube. It allows you to view a video with out any plug in being installed on your computer. It is currently still in beta testing and is only compatible with a couple browsers at this point. Those browsers are Chrome, ChromeFrame on Internet Explorer and Safari at this point.

It appears that not every one on the net is happy about this development. Vimeo spokesperson Brad Daugherty said "Almost every thread on the Internet about HTML 5 devolves into some kind of flamewar. Please don't comment here extolling the virtues of open source or unencumbered codecs,". Deborah Szajngarten, director of Marketing and Communications at Vimeo points out this is only a test at this time and their goal was to provide the video community with the best tools out there.

So what are the other reasons that are railing against this change. I mean how could a User-Friendly plug in free player be a bad thing. If you are Adobe or Microsoft, you would be thinking other wise. Videos are big business. Both companies want to keep their footholds in this business via their propriety platform.


The article writer thinks that by the end of the year there will be more devices like the IPhone that doesn't support flash will be introduced to the game and the war will be on.

Most Hacked Software

Forbes magazine recently posted an article about the year's most hacked software. Believe it or not it was not Microsoft, but Adobe. According to iDefense, 45 bugs were found in Adobe reader software this year opposed to only 14 last year. Most of the more common Microsoft programs dropped in number of bugs found. Experts believe that one of the things that make Adobe a good candidate for hackers is because of the large number of users who have Adobe reader. They also explain that the complex code causes the potential of having a high risk of flaws.



Adobe is aware of these problems with their software being targeting so they have recently decided to require a quarterly patching cycle, an idea taken from Microsoft. Adobe has decided to take a more proactive approach to finding and fixing bugs.

Some of the other companies that made the most hacked software list were Internet Explorer, Firefox, Adobe Flash, Apple Quicktime, Microsoft Office, and Windows. Cybersecurity research frim Qualys was one of the companies that Forbes used to do find out the most vulnerable software and their chief technology officer, Wolfgang Kandek, states that "wormable" quality to Windows bugs means they remain his top priority.

Some people believe that if they are only using trusted software that they will not be vulnerable to many of the bug you read about in the news, but really it is the most common software that we use that causes the hackers to be able to get into our system.