PDA

View Full Version : Gone in 2 minutes: Mac gets hacked first in contest


nekrosoft13
03-28-08, 03:08 PM
San Francisco - It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.


http://news.yahoo.com/s/infoworld/20080327/tc_infoworld/96676

K007
03-28-08, 07:06 PM
San Francisco - It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.


http://news.yahoo.com/s/infoworld/20080327/tc_infoworld/96676


lol thats awesome.

& people think macs are secure... The security in any computer depends on the user who uses it ><

Sazar
03-28-08, 10:25 PM
The funny thing is, the mac got hacked first last year too, thanks to a quick-time exploit.

Don't worry though, it's nothing a few holier-than-thou commercials from Apple won't fix.

I am sure Steve Jobs will somehow find a way to blame Microsoft.

crainger
03-29-08, 12:41 AM
Microsoft breed the smart PC users who then went to hack poor innocent Macs!

nekrosoft13
03-29-08, 12:49 AM
Microsoft breed the smart PC users who then went to hack poor innocent Macs!

is that the plot for their new commercial?

Richteralan
03-29-08, 12:59 AM
Next in the news we will see Steve Jobs saying that hacking contest doesn't count.(lee)