The question still needs to be asked of Miller and the others who claim the Security by Obscurity canard: if 55 million OSX Macs and 110 million iOS devices aren't enough to attract malware authors to the platform, when malware writers were attracted to the 12,000 BlackIce protected Windows computers when they wrote the Witty Worm in 2006, just how many will it take??? When WILL the malware writers be attracted to the millions of Macs sitting out there running bare naked without anti-virus of any kind, sitting ducks, just waiting to be fleeced? When???
In addition, Apple has closed the vulnerabilities that Miller used in these contests. It was revealed, however, in the 2010 contest, that Miller's team discovered in their 2009 research a second flaw which they did not reveal to Apple for correction, apparently choosing instead to hold on to it for use in the following year's contest. Some say that was an unethical decision, that professionals have a duty to report such findings.
I think backdoors are left in these apps on purpose. Making a backdoor look like sloppy coding has become an art itself.
MS had to stop bulking up its systems so much because of competition from Apple and Linux. It would be nice if similar competition stopped the backdoors.
The worst backdoor is having USB keys automatically run executables. How can I ever trust a company that does these things?
I won't call FUD on this article because it's mostly accurate. Good read.
If you want on or off the Mac Ping List, Freepmail me.
Having just suffered a fatal virus crash on my PC, I am loath to wish ill on anybody.
But it sure would be schadenfreude to see a “Wipe the smug grin off your face” virus shake up the Mac community.
Just sayin’.
In addition, Apple has closed the vulnerabilities that Miller used in these contests. It was revealed, however, in the 2010 contest, that Miller's team discovered in their 2009 research a second flaw which they did not reveal to Apple for correction, apparently choosing instead to hold on to it for use in the following year's contest. Some say that was an unethical decision, that professionals have a duty to report such findings.
They would be wrong based on the conditions of the challenge.
The market now exists, but compensation has been terrible.
From the linked article, printed last July:
"Google has paid out $14,846 for 21 reported vulnerabilities since January."
Calling that "chump change" is an insult to chumps. While Google and Mozilla have increased their payout to about $3000 per exploit, that is still very low.
I bet the black market in exploits is flourishing.