Pwn2Own 2009 Winner Charlie Miller Interviewed

crazipper writes "Tom's Hardware interviewed Charlie Miller, winner of this year's Pwn2Own contest and formerly with the NSA. He discusses the effort it took before the contest to be able to take down a MacBook within seconds, sandboxing, and the effectiveness of the NX bit and ASLR. His outlook on end-users protecting themselves against attacks? 'Users are at the mercy of the products they buy.'"

EULA

[Anonymous Coward]

EULA, ever read it?

"[SomeStupidSoftwareCompany] is not responsible for any damages caused by the use/misuse of this software."

From Mozilla's EULA:

4. DISCLAIMER OF WARRANTY. THE PRODUCT IS PROVIDED "AS IS" WITH ALL FAULTS. TO THE EXTENT PERMITTED BY LAW, MOZILLA AND MOZILLA'S DISTRIBUTORS, LICENSORS HEREBY DISCLAIM ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION WARRANTIES THAT THE PRODUCT IS FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE AND NON-INFRINGING. YOU BEAR ENTIRE RISK AS TO SELECTING THE PRODUCT FOR YOUR PURPOSES AND AS TO THE QUALITY AND PERFORMANCE OF THE PRODUCT. THIS LIMITATION WILL APPLY NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF IMPLIED WARRANTIES, SO THIS DISCLAIMER MAY NOT APPLY TO YOU.

5. LIMITATION OF LIABILITY. EXCEPT AS REQUIRED BY LAW, MOZILLA AND ITS DISTRIBUTORS, DIRECTORS, LICENSORS, CONTRIBUTORS AND AGENTS (COLLECTIVELY, THE "MOZILLA GROUP") WILL NOT BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES ARISING OUT OF OR IN ANY WAY RELATING TO THIS AGREEMENT OR THE USE OF OR INABILITY TO USE THE PRODUCT, INCLUDING WITHOUT LIMITATION DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, LOST PROFITS, LOSS OF DATA, AND COMPUTER FAILURE OR MALFUNCTION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND REGARDLESS OF THE THEORY (CONTRACT, TORT OR OTHERWISE) UPON WHICH SUCH CLAIM IS BASED. THE MOZILLA GROUP'S COLLECTIVE LIABILITY UNDER THIS AGREEMENT WILL NOT EXCEED THE GREATER OF $500 (FIVE HUNDRED DOLLARS) AND THE FEES PAID BY YOU UNDER THIS LICENSE (IF ANY). SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF INCIDENTAL, CONSEQUENTIAL OR SPECIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT APPLY TO YOU.

So maybe you can get $500 from Mozilla of something goes wrong?

Re:pwnd & ownD

[moderatorrater]

It's true. Not only that, but the interviewer ended up with the majority of the words on the screen anyway. I don't know why the interviewer felt the need to talk so much, but I would have much preferred if the questions were shorter and the answers longer.

Re:He was sitting on the winning weakness

[nicolas.kassis]

yeah it's a little sad that these guys are hoarding this info for so long just to win a stupid contest. And he only had to use one of these exploits. What else is he's hoarding for next year? Just saying that that might be of interest to someone with time to get his macbook ya know ;p he does carry around to many countries.

Re:How can you not love this guy?

[Concerned Onlooker]

I'm beginning to think this "Mac zealot" business is a figment of overly sensitive Windows users imaginations. I work at a place where around 40-50% of the employees choose to use a Mac. The only derisive comments I EVER hear are little snipes aimed at Macs by the Windows crowd. "The page isn't loading? Is it because you're using a Mac?" "You just can't get any work done on a Mac." And yet the Windows crowd loves to complain about Microsoft. I think Microsoft owes their success to the Stockholm syndrome.