[syadasti]

Now that they are becoming more popular no security through obscurity for you!

Robert McMillan

San Francisco - It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

 

[Transcend]

Of course it was.


Who wants to win the other 2 piles of crap?

 

[jonKranked]

The technique he used would have worked on any of those laptops. If you're dumb enough to click on those "p en1s c1@lis tabs cheap g0at pr0n" emails, then you deserve to get your computer hacked.

 

[syadasti]

Of course it was.


Who wants to win the other 2 piles of crap?

But even you said the MBA was a pile of crap. Its easier to sell the MBA on eBay to another sucker...

Here is what he said:

Charlie Miller, best known as one of the Independent Security Evaluators researchers who first hacked the iPhone last year, said he's participating, not for the cash prize, but for the thrill of seeing whether or not he can be first to hack one of the computers. "For me it's the Super Bowl of security research," he said. "I'm a competitive guy."

 

[syadasti]

The technique he used would have worked on any of those laptops. If you're dumb enough to click on those "p en1s c1@lis tabs cheap g0at pr0n" emails, then you deserve to get your computer hacked.

He didn't click on an email, he visited a website and didn't open anything.

 

[CrabJoe StretchPants]

Of course it was.


Who wants to win the other 2 piles of crap?

I'd take either over the mac myself.

 

[syadasti]

Apple had plenty of time to heed his advice:

http://www.news.com/8301-10784_3-9759132-7.html

 

[jonKranked]

He didn't click on an email, he visited a website and didn't open anything.

a lot of those emails will direct you to a website with a similar exploit. technically, when you visit a website, you do open something - although its only the code for that particular web page.

Same end result, different road to get there.

 

[CrabJoe StretchPants]

a lot of those emails will direct you to a website with a similar exploit. technically, when you visit a website, you do open something - although its only the code for that particular web page.

Same end result, different road to get there.

Kinda like navigating porn sites directly or through google.

 

[jonKranked]

Kinda like navigating porn sites directly or through google.

Exactly. The fundamental technique of the exploit he used isn't platform specific, only the technical execution (the coding).

 

[syadasti]

Exactly. The fundamental technique of the exploit he used isn't platform specific, only the technical execution (the coding).

Yes there is nothing magical about a mac. Its computer that runs software with bugs and flaws like any other. One weak link in the chain is all it takes and computers have millions of lines of code behind them.

 

[DirtyDog]

This is REALLY interesting and all..... but let's keep it in the tech forum.

 

[$tinkle]

ahhh, i get it; this was first posted in the lounge.
wondered why so many bacon eaters gave a crap.

 

[syadasti]

OSX hacked by Thursday($10000), Vista by Friday via cross platform bug (exploitable on OSX or Linux too)($5000), Linux unhacked (too much effort required)($0).

Prize money was awarded by day so the later the system was hacked the less money they got - $20,000 halved each day with less rules/restrictions as each day passed.

OSX declared easiest to hack by hackers.

Vista, MacBook Out--Only Linux Left in Hacking Contest
With Vista hacked Friday, a Linux laptop remained uncompromised at the CanSecWest PWN 2 OWN hacking contest.
Robert McMillan, IDG News Service
Saturday, March 29, 2008 5:00 AM PDT

The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on the last day of the contest; but it was Linux, running on a Sony Vaio, that remained undefeated as conference organizers ended a three-way computer hacking challenge Friday at the CanSecWest conference.

Earlier this week, contest sponsors had put three laptops up for grabs to anyone who could hack into one of the systems and run their own software. A US$20,000 cash prize sweetened the deal, but the payout was halved each day as contest rules were relaxed and it became easier to penetrate the computers.

On day two, Independent Security Evaluators' Charlie Miller took the Mac after hitting it with a still-undisclosed exploit that targeted the Safari Web browser. After about two minutes work, Thursday, Miller took home $10,000, courtesy of 3Com's TippingPoint division, in addition to his new laptop.

It took two days of work, but Shane Macaulay, finally cracked the Vista box on Friday, with a little help from his friends.

Macaulay, who was a co-winner of last year's hacking contest, needed a few hacking tricks courtesy of VMware researcher Alexander Sotirov to make his bug work. That's because Macaulay hadn't been expecting to attack the Service Pack 1 version of Vista, which comes with additional security measures. He also got a little help from co-worker Derek Callaway.

Under contest rules, Macaulay and Miller aren't allowed to divulge specific details about their bugs until they are patched, but Macaulay said the flaw that he exploited was a cross-platform bug that took advantage of Java to circumvent Vista's security.

"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."

Macaulay said he chose to work on Vista because he had done contract work for Microsoft in the past and was more familiar with its products.

Although several attendees tried to crack the Linux box, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. "I was surprised that it didn't go," she said.

Some of the show's 400 attendees had found bugs in the Linux operating system, she said, but many of them didn't want to put the work into developing the exploit code that would be required to win the contest.

Earlier, Miller said that he chose to hack the Mac because he thought it would be easiest target. Vista hacker Macaulay didn't dispute that assertion: "I think it might be," he said.

 

[syadasti]

Think lazy...OSX more vulnerable and unpatched

Apple's response time to such 0-day vulnerability patches lags significantly behind that of Microsoft.

The study, conducted by the Swiss Federal Institute of Technology, analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple, all of which were high and medium risk according to the National Vulnerability Database.

"Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," [said researcher Stefan Frei]. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." [...]

"We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community."

Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said.

A spot-check of security firm Secunia's statistics show that 6% of 113 bugs found in Apple's Mac OS X operating system from 2003 to 2008 remain unpatched.