So here we go…
The likes of ‘Pwn to own’ is a vital tool in the arsenal of the computer bug-fighting community, boldly going into the fray, fighting those bugs so you don’t have to. Bringing to light otherwise unknown security issues into the viewpoint of the public, and using their carefully honed skills to keep your computing life safe.
For the good of the community.
Not for any other reason.
Not so they can stub (another) lit cigarette out in our eyes, maybe.
No, definitely for the good of the community.
OK, back to reality. As you can see I’m not at all enamoured by this stunt. But before you (quite rightly) state that I am a Mac fanboy, let me just put across what I’m on about.
Yes Safari has a bug, quite a serious one and one that needs addressing. A carefully crafted website can give, once visited, root access. This is a biggie, a serious one and I’m in no doubt that Apple is currently fixing this ASAP.
However the bug isn’t the issue here. What is the issue is the way in which this bug has been demonstrated and ‘launched’ into the public arena.
This whole exercise is not about safeguarding the computing public, this is about sad Windows users getting maximum exposure for a bug they have discovered in Safari.
The whole ‘pwn to own’ is a packaging exercise, a PR stunt, to get the largest exposure possible for the discovery of a flaw in Safari’s webkit, I work in marketing and PR, and I know a PR stunt packaged as ‘reality’ when I see one.
Think about it.
1) The MacBook Air. Why the MacBook Air? Why not a Mac Mini?, or an iMac? Because it’s Apple’s flagship product, they’ve pumped millions into its advertising, so any flaw discovered would taint Apple’s top product – and give maximum exposure to the ‘event’.
2) Hacked in 2 minutes? Right. I think you mean 2 weeks and 2 minutes. The website they visited to take advantage of the flaw had been previously created by them. It took them 2 weeks to figure it out.
So a competition was set up just at the same time as they just happened to have finished constructing a website that demonstrated the flaw?
No, what happened was that they discovered the flaw, and were about to announce it when it occurred to them that simply just announcing the flaw wouldn’t be enough.
It’s been done before and it’s old news. Everyone would simply say, “A flaw? Oh, right a bad one. Hmm that’s not very good. But I expect Apple will fix it soon. Next news item please…”
So they held onto their discovery until a suitable PR event occurred, or maybe (and more controversially), a phony competition was packaged around the bug, for maximum media exposure.
Either way, they got that exposure, well done everyone.
When you look at this whole incident from this viewpoint, you have to ask yourself, Windows users are seriously in need of some therapy.
Oh, and the excuse that they won the MacBook Air and are Apple users? Of course they are, how else do you expect they know so much about hacking a Mac?