Gone in 2 minutes: Mac gets hacked first in contest

[Zeus_Hunt]

All hypes and myths about Apple being the most secure OS, or at least being the last OS to be hacked may have been busted by Charlie Miller on Thursday when he managed to hack an Apple MacBoock Air in 2 minutes flat during the CanSecWest security conference's PWN 2 OWN hacking contest. Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages. Miller, best known as one of the researchers who first hacked Apple's iPhone last year, took advantage of the new privileges given by the jury and within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer. He was the first contestant to attempt an attack on any of the systems, and that was enough for him to win quick $10,000 and perhaps show how secure the MacBook Air was.

View: Original Article

[dMog]

HA HA!!

[demonon]

Victory shall be mine!

[Atasas]

How cheap does it dets?

MacOS is still most secure to user with skills of computer managment:0-5 those are 67%...

[mjall]

yes this is good news to me, i hate all the guts that people keep suing MS for, welcome aboard apple which i don't like at all hahahahaa

[Zeus_Hunt]

Microsoft was not without a reaction to the past week's events at CanSecWest Vancouver 2008. The conference's PWN2OWN 2008 hacking challenge sponsored by TippingPoint involved three machines and just as many operating systems, VAIO VGN-TZ37CN running Ubuntu 7.10, Fujitsu U810 running

Vista Ultimate SP1 and MacBook Air running OSX 10.5.2. In the first day of the contest, when hackers were permitted only network attacks all the platforms held their own. But starting with day two, Mac OS X Leopard fell within two minutes.

On day three, Vista SP1 was hacked after a few hours, while Ubuntu managed to get through intact. Jeff Jones, Strategy Director in the Microsoft Security Technology Unit, commented on the fact that Leopard, a product that is heavily advertised as being more secure than Windows Vista, was the first to fall. Apparently, flawless marketing campaigns do not equal secure offerings. Apple has learned this the hard way.

"Okay, having said that, given how obnoxious and misleading I find those Mac OS X ads and how they've spent millions of dollars publicly criticizing Windows Vista security improvements, I find it ironic and apropos that Mac OS X was the first machine to be owned in the PWN 2 OWN contest at CanSecWest. Charlie Miller appears to have set up a web site containing malicious code and used a 'browse to own' vulnerability to win the contest," Jones stated.

Charlie Miller, with Independent Security Evaluators (ISE), is the hacker that claimed a $10,000 prize and a MacBook Air, and revealed to ComputerWorld that he and his team chose to own Leopard because it was less of a challenge than Vista SP1 or Ubuntu. Miller exploited a zero-day vulnerability in Safari 3.1.

"It was the easiest one of the three. We wanted to spend as little time as possible coming up with an exploit, so we picked Mac OS X. We sat down about three weeks ago and decided we wanted to throw our hats into the ring. It took us a couple of days to find something, then the rest of the week to work up an exploit and test it. It took us maybe a week altogether," Miller stated.

On the third day of CanSecWest 2008, Vista SP1 Ultimate was also hacked, but not through a hole in the operating system's components. A zero-day vulnerability in Adobe's Flash was exploited in order to compromise Vista.

[dock98]

about someone realized Mac is mostly hype.just good advertising and high prices.

[LoKz]

Ha.. Ha...

[shought]

Mac isn't very popular in my country, most people (average computer users) know it exists, but almost no one i know ever used it...

[ZeuZ]

How cheap does it dets?

MacOS is still most secure to user with skills of computer managment:0-5 those are 67%...

Erm, no, this proves that even under hundres of malicious users (a.k.a hackers for the prize) Linux standed victorious on that field. Also faster, less resource usage (even though being Debian Based, in first run you won-t notice it's speed, but after a time, a process in Ubuntu disables services that are not comonly used and then you gain speed and power even more. Taking that in count, I choose PC BSD/Debian for the faster, secure normal user PC OS. Being also Debian the faster community for bug fixing.

Mac isn't very popular in my country, most people (average computer users) know it exists, but almost no one i know ever used it...

Same here. I've been able to test them, graphically intense I would say. Still, I stand strong, Linux/BSD FTL