Skip to main content

Reigning Pwn2Own champion: “The main thing is not to install Flash!”

With the Pwn2Own hacking contest coming up at Vancouver’s CanSecWest security conference later this month, Italian computer security blog OneITSecurity took some time to interview Charlie Miller. Miller, in case you’re not familiar, is a security expert who has won Pwn2Own two years running by hacking Apple’s Safari browser with incredible speed. Safari isn’t the only target — this year, all major browsers and a selection of mobile operating systems will serve as Pwn2Own challenges – but it’s fair to say that Miller knows a thing or two about keeping your browser secure.

Here are the highlights from Miller’s interview:

He thinks Windows 7 will prove more secure than OS X Snow Leopard this year, in part because it doesn’t have Java and Flash enabled by default. Windows’ full ASLR (address space layout randomization) also gives it a security advantage.

When asked what he thought would make the safest OS and browser combo, he opted for Chrome or IE8 on Windows 7, with no Flash installed, although ‘there probably isn’t enough difference between the browsers to get worked up about.’

For my money, the juiciest quote from the interview was ‘The main thing is not to install Flash!

On the mobile side, Miller guessed that the iPhone 3GS would be more easily exploitable than the Motorola Droid, mainly because the iPhone’s been around longer, and has been subjected to more extensive security research.

You can check out Miller’s full answers (in English or Italian!) at OneITSecurity.