Gizmodo: pwn 2 own
http://gizmodo.com/tag/pwn2own

Winning Pwn2Own Hacker: Macs Are Safer Than PCs

Charlie Miller, the security expert whose meticulously crafted exploit took over a MacBook through Safari in 10 seconds at the Pwn2Own hacking competition, says that Macs are in fact safer than Windows. Oh boy.

It's for reasons we've heard before—there's just way less stuff out there attacking Macs. He told Tom's Hardware:

"I'd say that Macs are less secure for the reasons we've discussed here (lack of anti-exploitation technologies) but are more safe because there simply isn't much malware out there. For now, I'd still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them."

Whatever OS you're running, the best thing you can do, he says, is to just keep your system up to date (then you won't get Conficker, either). And not be stupid. Since no anti-malware software would've stopped his exploit:

"None of those protections would have probably worked, or at least there were potential workarounds. The best thing the user could have done is not click on the malicious link. Of course, in some cases such as a man-in-the-middle attack, even this wouldn't have helped."

Oh, so maybe everybody is just screwed. [Tom's Hardware via AppleInsider]

Every Smartphone OS Endures Pwn2Own Unhacked

After Safari was busted in 10 seconds at the Pwn2Own hacking competition, you'd think puny smartphones wouldn't stand a chance. But you'd be wrong!

Every smartphone OS up for total destruction—iPhone, Windows Mobile, Symbian, Android and BlackBerry—made it through the competition unscathed. Not because they're inherently more secure. It's just because their puny processing power and memory make things like the 10-second Safari hack harder to do, even though the exploit is totally there.

Another reason is that every phone has a unique carrier and OS version situation, which made it harder for researchers to come up with exploits—for instance, one crafted for the Storm, which wasn't in the competition, actually didn't work on the Bold. So the multiplicity of phones out there is actually a good thing security-wise, though it makes more monolithic platforms, like the iPhone, a more attractive target—kinda like Windows' juggernaut-size makes it a bigger target for exploits than Mac or Linux. That said, I don't think the survival rate will be so great next year. [Computerworld via Slashdot]

Chrome Is the Last Browser Standing at Pwn2Own Hacking Competition

Whether you're a Google Chrome fan or not, you have to give it up to the guys at Google for withstanding day one of the Pwn2Own hacking competition when other browsers went down in flames.

As noted yesterday, Safari was compromised in a mere 10 seconds while Firefox and IE were taken down shortly thereafter by a hacker known only as "Nils." Only Chrome was able to withstand the first day of the event thanks, in large part, to its innovative sandbox feature. However, its reign is likely to be a short one as day two ups the ante with more prize money and the ability to use plugins as part of the hack. [Ars Technica]

Safari Cracked in Seconds at Pwn2Own Hacking Competition

At the annual Pwn2Own competition, where hackers compete to crack software as fast as possible so you don't sleep at night, browsers were on the first day's menu. And Safari went down in seconds.

Security researcher Charlie Miller hacked Safari in just 10 seconds, then used a remote-execution exploit to take over the up-to-date MacBook and make it do his dirty bidding. Firefox and Internet Explorer 8 (which you can download at noon today) fell within a few hours to Nils, a master's student who busted all three browsers wide open. They each won $5000. Day 2 will offer more $5000 prizes for discovering new bugs in Firefox, Chrome and Safari.

Mobile phone OS's will also be part of the event, with $10,000 for cracking any of the five majors: iPhone, BlackBerry, Windows Mobile, Symbian and Android. Care to take bets on which one will go down first? [Pocket Lint]

Adobe Knew of Vista PWN 2 OWN Hack All Along

The PWN 2 OWN contest, as we all know, saw the Mac OS X weed crumble first, with Vista following soon after. Ubuntu was the only OS that was impenetrable to attack, but news is surfacing that Vista should have had a longer lifeline, if only Adobe had patched the flaw they knew about all along.


Yup, it's true; Adobe not only knew about the security flaw that Shane Macaulay used to hack Vista, they even had a patch prepared. Only thing is, they hadn't got round to releasing it. In fact, the patch was scheduled for release in the next Flash Player update later in the month.

Thankfully, Adobe were not in the dark about the security risk; however, if they were in the know, don't you guys think they have a responsibility to release the fix ASAP? Putting our systems at unnecessary risk due to our choice to support third party software just doesn't seem fair. Further, asking for system stability and security to be made a priority should be a given at all times, or so we reckon. Worse still, the defect may have cost Vista the title of impenetrable OS, and that's gonna hurt the MS fanboys dearly. After all, imagine if OS X had been the only hacked operating system; we think said fanboys may have had something to brag about, or at least a reason to punch Mr Smug Mac in his face. [Ars Technica]

T Pities Fool Who Bids on Hacked Fujitsu U810 With Live Virus "Still Present"

Shane Macaulay, the hacker who beat a Vista-powered Fujitsu in last week's CanSecWest PWN 2 OWN contest, has listed the UMPC—with virus "still likely present"—on eBay. Some say this might be Macaulay's idea of a joke, but T doesn't think it's funny when hackers joke around with exploits, especially an Adobe Flash exploit that might "affect 90 percent of computers worldwide." Mac's alleged rationale:

"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like."

Note: We can't spot an April 1 listing of any Fujitsu U810 on eBay. [InfoWorld]
Who Will Get Hacked First: Vista, OSX or Linux? Place Your Bets Here

Organizers behind the CanSecWest security conference in Vancouver are putting together a "hacker superbowl" of sorts, pitting attendees' skills against Vista, Mac OS X and Linux. Dubbed PWN 2 OWN (ewwww), the objective is to develop a brand-new "zero day" attack to take control of one of the three operating systems loaded onto laptops. There's a grand prize of $20,000, and the hacked laptop will go to the first contestant to pull it off. So, the question is—which OS do you think will go down first? UPDATE: A winner has been announced! Vote and then hit the jump to see if you were correct.

It appears that contestant Charlie Miller just earned himself $10,000 for hacking a MacBook Air inside two minutes. So, those of you who voted Vista as the first to go down are probably fairly shocked right now. Miller was also among the researchers who first hacked Apple's iPhone last year, so it may not be all that surprising to hear that he was able to work his magic with OS X so quickly.

During day one hackers were only allowed to use network-based attacks. Not surprisingly, no one even attempted it. Today the rules were relaxed to allow hacks that involve websites and email. So, Miller utilized a simple website that contained exploit code to get the job done—which leads us to believe that the flaw he exploited exists within the Safari browser. Too bad they cut the prize money in half with each passing day. [PWN 2 OWN via Yahoo and PC World]
