Recent trends for malware usually point to some older version of Internet Explorer running on Windows XP. The lack of address randomization and execution protection makes it an easy target to create functioning exploits. This years CanSecWest security conference again proves that it draws some of the brightest security researchers from around the globe. As usual Charlie Miller is there on his "no more free bugs" tour - pointing out that Apple still hasn't taken security seriously enough, and showing through 5 lines of python code ways to reliably identify 20+ exploitable bugs in very common Internet related applications. Seriously Apple, time to implement the basics, users of your operating system are not just educated coders and security people, they are common people that like to click through stuff. More interesting though is the exploit of a fully patched IE8/Windows7 platform by Peter Vreugdenhil . His two step bug and exploit avoids both the ASLR, and permane