• [^] # Re: Php ? Vraiment ?

    Posté par . En réponse à la dépêche Version finale des plugins de PhpCompta. Évalué à -7.

    http://www.oneitsecurity.it/01/03/2010/interview-with-charlie-miller-pwn2own/

    Windows 7 or Snow Leopard, which of these two commercial OS will be harder to hack and why?

    Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default). Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows.
    

    In Pwn2Own 2010 there is still no trace of Linux as possible target. Is it too harder to find exploits for Linux or a non commercial operating system has no interest for exploit hunters?

    No, Linux is no harder, in fact probably easier, although some of this is dependent on the particular flavor of Linux you’re talking about. The organizers don’t choose to use Linux because not that many people use it on the desktop. The other thing is, the vulnerabilities are in the browsers, and mostly, the same browsers that run on Linux, run on Windows.
    

    ...

    In your opinion, which is the safer combination OS+browser to use?

    That’s a good question. Chrome or IE8 on Windows 7 with no Flash installed. There probably isn’t enough difference between the browsers to get worked up about. The main thing is not to install Flash!