Researcher Cracks Mac in 10 Seconds

Status
Not open for further replies.
Matt_mg

Matt_mg

Well-known member
Researcher Cracks Mac in 10 Seconds
Gregg Keizer, Computerworld
Mar 19, 2009 8:41 am

Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest's PWN2OWN contest, improved his time Wednesday by breaking into another Mac in under 10 seconds.

Miller, a principal analyst at Independent Security Evaluators LLC, walked off with a $5,000 cash prize and the MacBook he hacked.

"I can't talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched," said Miller Wednesday not long after he had won the prize. "It probably took 5 or 10 seconds." He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his or her exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. "I gave them the link, they clicked on it, and that was it," said Miller. "I did a few things to show that I had full control of the Mac."

Two weeks ago, Miller predicted that Safari running on the Mac would be the first to fall.

PWN2OWN's sponsor, 3Com Inc.'s TippingPoint unit, paid Miller the $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. "Apple has it, and they're working on it," added Miller.

According to Terri Forslof, the manager of security response at TippingPoint, another researcher later broke into a Sony laptop that was running Windows 7 by exploiting a vulnerability in Internet Explorer 8. "Safari and IE both went down," she said in an e-mail.

TippingPoint's Twitter feed added a bit more detail to Forslof's quick message: "nils just won the sony viao with a brilliant IE8 bug!"

Forslof was not immediately available to answer questions about the IE8 exploit.

TippingPoint will continue the PWN2OWN contest through Friday, and will pay $5,000 for each additional bug successfully exploited in Apple Inc.'s Safari, Microsoft Corp.'s Internet Explorer 8, Mozilla Corp.'s Firefox or Google Inc.'s Chrome. During the contest, IE8, Firefox and Chrome will be available on the Sony, while Safari and Firefox will be running on the MacBook. The researcher who exploited IE8 will, like Miller, be awarded not only the cash, but also the laptop.

"It was great," said Miller when asked how it felt to successfully defend his title. "But I was really nervous for some reason this time. Maybe it was because there were more people around. Lucky [the exploit] was idiot-proof, because if I had had to think about it, I don't know if I'd had anything."

This year's PWN2OWN also features a mobile operating system contest that will award a $10,000 cash prize for every vulnerability successfully exploited in five smartphone operating systems: Windows Mobile, Google's Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Miller said he won't enter the mobile contest. "I can't break them," said Miller, who was one of the first researchers to demonstrate an attack on the iPhone in 2007, and last year was the first to reveal a flaw in Android. "I don't have anything for the iPhone, and I don't know enough about Google."

CanSecWest, which opened Monday, runs through Friday in Vancouver, British Columbia.
Click to expand...

There are Virus' for mac it's just that nobody bothers to write them.
 
funny how you all decided to stop reading when they said they cracked a windows 7 sony laptop only a few lines below.
 
Subzero said:
funny how you all decided to stop reading when they said they cracked a windows 7 sony laptop only a few lines below.
Click to expand...

i didn't stop reading there, i read the whole article. The point of this thread is not to show how pc's are better than mac's, it's to show that people who think mac's cant be infected with viruses or craked are dumbasses.
 
C'est juste évident que Mac, Linux, Windows sont ouverts à des virus de toutes sortes...s'agit que les programmeurs s'intéressent à la plate-forme.

Plus que Mac va prendre des parts de marchés plus qu'il va y avoir de virus de conçus pour eux.... à 10% de market share ce n'est pas vraiment l'intérêt de s'attaquer à ça.... comme que les virus ne sortent plus vraiment pour Windows 98 même si ça serait facile.

Tant qu'à moi ce genre de concours là ne devrait pas avoir lieu. Que Apple et Microsoft donnent xxxxx$ à quelqu'un qui réussi a percer leur système c'est correct, mais de là à faire une publicité avec ça je trouve que ça fait juste peur au monde pour rien.

Windows n'a jamais été aussi sécuritaire que maintenant.... est-ce que c'est parfait, non et ça le sera jamais. Au moins Microsoft réagit rapidement la plupart du temps.

Est-ce que Apple est sécuritaire ? Oui...dans la mesure du possible.

Bref, il faut arrêter de capoter avec ça les virus....les efforts sont là et c'est aux usagers de protéger leur données confidentielles comme il faut.
 
its not that there arent viruses, that isnt really a virus, the person had to click on it.... so he a dumb ass mac owner THINKING he cant get a virus, PC owners always think twice before clicking a strange link. its that hackers are too lazy to spend hours trying to find them when PC is easy prey.
 
I predict by 2012 there will be several hackers scamming their way to the top of the food chain feeding off the idiots who keep buying macs :)
 
Status
Not open for further replies.
Back
Top