Apple’s Leopard lasts ‘30 seconds’ in hack contest

March 29th, 2008 by Paras Wadehra

Apple’s Leopard has been hacked within 30 seconds using a flaw in Safari, with rival operating systems Ubuntu and Windows Vista so far remaining impenetrable in the CanSecWest PWN to Own competition.

Security firm Independent Security Evaluators (ISE) — the same company that discovered the first iPhone bug last year — has successfully compromised a fully patched Apple MacBook Air at the CanSecWest competition, winning $10,000 as a result.

Charlie Miller, a principal analyst with ISE, said that it took just 30 seconds and was achieved using a previously unknown flaw in Apple’s Web browser Safari.

Competitors in the hacking race were allowed to choose either a Sony laptop running Ubuntu 7.10, a Fujitsu laptop running Vista Ultimate SP1 or a MacBook Air running OS X 10.5.2.

“We could have chosen any of those three but had to make a judgement call on which would be the easiest and decided it would be Leopard,” Miller said.

“Every time I look for [a flaw in Leopard] I find one. I can’t say the same for Linux or Windows. I found the iPhone bug a year ago and that was a Safari bug as well. I’ve also found other bugs in QuickTime.”



  1. 9 Responses to “Apple’s Leopard lasts ‘30 seconds’ in hack contest”

  2. By lrd on Mar 29, 2008 | Reply

    Smells and sounds like a setup to me? I wonder who’s trying to smear the hottest selling laptop around???

  3. By Ruth on Mar 29, 2008 | Reply

    Why is it, if as this article suggests, it is easier to hack an apple system than a windows one we have lots of friends whose computers run windows and they crash and freeze and have fatal errors and so on all the time and our apple operating system doesn’t seem to do any of these things?

  4. By JC on Mar 29, 2008 | Reply

    Another point of view:
    http://www.roughlydrafted.com/2008/03/29/mac-shot-first-10-reasons-why-cansecwest-targets-apple/

  5. By OS11 on Mar 29, 2008 | Reply

    You mean, Apple’s Safari… not Leopard, and it was 1 day and 2 minutes, not 30 seconds, and you neglected to mention Miller could only do it once he was given full physical and password access to the machine.

    So it’s hardly a “hack”… more like giving criminals keys to a house, then say: “gosh, in 2 minutes, they broke in!”

    What a farce of a contest.

  6. By Brett on Mar 30, 2008 | Reply

    For a little perspective:

    http://www.roughlydrafted.com/2008/03/29/mac-shot-first-10-reasons-why-cansecwest-targets-apple/

  7. By Joe Anonymous on Mar 30, 2008 | Reply

    And, yet, there are tens of millions of Windows zombie computers out there and no Mac zombies. When Macs start having the real world problems that Windows has had for decades, let us know.

  8. By Al on Mar 30, 2008 | Reply

    The Mac in question was directed to a malicious website where a Trojan was downloaded and an Administrator password was entered that gave permission for a concealed program to install and create the access needed to win the contest.

    Anyone can hack any computer with physical access and a freely given password to that computer.

    No computer was compromised the first day. The Mac was compromised the second day.

    No computer was exposed to the internet. No anti-virus software or firewall was used either. A Vista machine exposed to the internet without a firewall or a-v software would have been turned into a spambot very quickly on the first day. The rules were designed to give away prizes. Microsoft was a sponsor. Vista lasted until the third day.

  9. By Meep on Mar 31, 2008 | Reply

    The story has an element of truth but you should really be reporting the facts in a less sensationalist fashion. It was seconds into the second day of the contest using an exploit he’d set up on a website prior to the comp. So the flaw wasn’t previously unknown to him.

  10. By Paras Wadehra on Apr 1, 2008 | Reply

    It’s not like I just decided to make up a news item! It was reported on zdnet like this. There was no mention of a second day in the contest.
