So, CanSecWest ran another one of their “crack shit and we give you prizes” contests and surprise, surprise, the MacBook got cracked.
Ok, before we get this ball rolling let me make something clear. I’m not a security expert. I’m not looking at this as a security expert. I’ll leave that to people much smarter than me. So, having said that, anyone who attempts to question my security expertise in way of rebuttal will be shot.
I hate these sort of competitions, because they are just theater. And, while one could make the argument that competitions like this help spread awareness about computer security, I’d argue that they don’t. Here’s why.
The problem with competitions like this is that the tech media, and the hordes of mouth breathing commenters / forum retards never seem to take away the important message. Instead we usually get breathless hyperbole (note, I’m specifically not accusing Macworld of that. I linked to them because they were the first story about this that I had open).
Whenever one of these stories breaks, you can be assured that the bulk of the responses will generally fall into one of two buckets.
The MacMacs will inevitably come out of the woodwork to point out every tiny flaw and niggle in the report. In this case the going meme seems to be: “Well, since this exploit required a user to click a link it really isn’t that bad.” Look, chuckle-nuts, it’s a fucking exploit, Apple needs to fix it. Get over it.
Which leads us to the anything but MacMac zealots (Linux, Windows, BlackBerry, take your pick). They, of course, will immediately begin their chants of “Ha ha the MacBook got cracked. I hate you Apple pricks.” All the time ignoring the fact that everything gets cracked.
The only one hundred percent secure system is one that doesn’t interface with the outside world in any way. Exploits happen, and the goal shouldn’t be to use their existence or lack thereof as a marketing tool (and yes, I’m calling Apple out on that point as well). The goal should be to patch the exploits that are there now, and work to prevent future ones from occurring. Unfortunately, theatrics like the PWN2OWN competition do not foster that mindset.