03-20-2009, 01:07 PM
Totally agree. But I also think that exploits that rely on social engineering are essentially harmless with a minimum of user education. When Miller hacks a legitimate popular website that makes Macs vulnerable I'll worry. Not saying it can't or won't be done, but until it is... I just don't consider this something for users to get freaked out about.
He found a problem, it gets reported and sent to Apple. Yay. I feel no less comfortable using Safari on my Macs today. What does make me feel better is his buddy Dino, who's a Mac user who finds vulnerabilities in his spare time and donates his work to Apple, who he says is responsive and gives him attribution. Miller on the other hand has only reported 2 --- two --- Safari vulnerabilities in 2 years because he gives nothing away and waits for the contest to sell his work. To each his own, but I take issue when I hear about guys like Miller who try to come off as doing security work for some greater good. His low productivity speaks for itself.