Security Researcher Hacks MacBook And Takes First Prize
According to a security researcher who walked away with a cool 10000 dollars after hacking a MacBook Air in less than 2 minutes, he chose the Apple Inc operating system for a simple reason, it was easy.

Charlie Miller, works as an analyst at Independent Security Evaluators and stated “It was the easiest one of the three.”

He won the first place prize at the “PWN to OWN” hacker challenge at CanSecWest, winning the computer that he hacked, as well as the cool 10 grand.

All of the updated security patches had been installed on the MacBook, which was loaded with the current version of Mac OS X. The other 2 computers that were up for grabs were the Sony Vaio VGN-TZ37CN, and the Fujitsu U810 notebook.

“We sat down about three weeks ago and decided we wanted to throw our hats into the ring,” said Miller, referring to himself and ISE colleagues. “It took us a couple of days to find something, then the rest of the week to work up an exploit and test it.

“It took us maybe a week altogether,” Miller said.

~

The Mac went down in two minutes. The Vista SP1 PC made it two days. Only the Sony VAIO VGN-TZ37CN laptop running Ubuntu 7.10 survived the CanSecWest PWN to OWN PC hacking contest.

The rules were simple. Hackers had to "read the contents of a designated file on each system through exploitation of a zero-day code execution vulnerability" through a direct wired connection. The successful hacker system would get to keep it, hence the PWN to OWN name, and a cash prize. The competition was sponsored by TippingPoint Technologies' (a network security company) ZDI (Zero Day Initiative).

While neither the hackers nor TippingPoint revealed the details of the hacks, we do know which programs were cracked. In the case of Mac OS X running on a MacBook Air, the Safari Web browser proved to be the crack in Mac OS X's armor. With Windows Vista SP1 on a Fujitsu U810, Adobe Flash proved to be its Achilles' heel.

In theory, the Flash vulnerability is cross-platform. In other words, the same hole might be used to crack Linux or other operating systems.

Since we don't know exactly how the security breach works, we can't be certain, though, that the same problem could be used successfully against Linux.

What we do know is that with cash money on the line, not to mention ownership of a nice new PC, Linux came out untouched.

posted by tommEE  # 3/31/2008 12:02:00 PM
Comments: Post a Comment



<< Home

archives


This page is powered by Blogger. Isn't yours?