Over at Daring Fireball, John Gruber interviews Dino Dai Zovi, who won the CanSecWest security contest we mentioned last week by successfully exploiting a MacBook Pro through a flaw in QuickTime's implementation of Java. Dai Zovi explains the sort of thing he did (though obviously without giving details). He is a Mac user himself and confirms what we noted before: that you can defend yourself by disabling Java in your browsers. Dai Zovi's main advice for the "typical" user is merely to run in a non-admin account. It's definitely worth a read for anybody curious about the exploit.