LTD Posted April 21, 2007 Share Posted April 21, 2007 Let's keep track of this, folks. So far, so good! Note that they're going to "lower the barriers" a bit, for a more sporting situation, it seems. ;) Link: http://blogs.zdnet.com/security/?p=173 Link to comment Share on other sites More sharing options...
Slimy Posted April 21, 2007 Share Posted April 21, 2007 Right after a major patch was released. Great day for them to choose :yes: Link to comment Share on other sites More sharing options...
User6060 Posted April 21, 2007 Share Posted April 21, 2007 Yeah they broke it, i think today or yesterday In winning the contest, he exposed a hole in Safari, Apple's browser. "Currently, every copy of OS X out there now is vulnerable to this," said Sean Comeau, one of the organizers of CanSecWest. http://www.infoworld.com/article/07/04/20/...nference_1.html Link to comment Share on other sites More sharing options...
Slimy Posted April 21, 2007 Share Posted April 21, 2007 Hey! You ruined it! I was about to get that up on the front page :p (it's coming, give me some time) Link to comment Share on other sites More sharing options...
LTD Posted April 21, 2007 Author Share Posted April 21, 2007 Yep, they got through. Nice prize, too! Link to comment Share on other sites More sharing options...
QuarterSwede Posted April 21, 2007 Share Posted April 21, 2007 Read a pretty good point on Macrumors.com ... if this is a WebKit bug, claiming the 'Macintosh' or 'OS X' has been exploited because of a bug in the browser engine is just as silly as claiming Linux has been exploited because Firefox has a vulnerability. Link to comment Share on other sites More sharing options...
random_n Posted April 21, 2007 Share Posted April 21, 2007 Is it really so silly? Safari is made by Apple, comes with all Apple computers, and is one of the most popular programs for the platform. The program is designed to wander the Internet, so the avenue of infection is a rather likely one. And speaking of Linux, there is a chance that this bug was carried over from the KHTML core, which could mean the vulnerability exists in Konqueror as well. That could mean a KDE exploit, which is used by a very significant portion of the Linux crowd. Claiming the WebKit bug is a Mac OS X exploit is no more silly than claiming that an MSHTML exploit is a vulnerability in Windows. Link to comment Share on other sites More sharing options...
raskren Posted April 21, 2007 Share Posted April 21, 2007 Claiming the WebKit bug is a Mac OS X exploit is no more silly than claiming that an MSHTML exploit is a vulnerability in Windows. Zing! That's a good point. Link to comment Share on other sites More sharing options...
duhk Posted April 21, 2007 Share Posted April 21, 2007 Can a hacker access a windows xp machine with no programs running too? Link to comment Share on other sites More sharing options...
PyX Posted April 23, 2007 Share Posted April 23, 2007 I think they needed Safari (the issue is in Safari, right?) and Mail (a user had to click a link in an email, right?) or something, so the no program running... I don't believe it. Will they try to break it again another way or if it's over now? Link to comment Share on other sites More sharing options...
PyX Posted April 26, 2007 Share Posted April 26, 2007 Hmmm okay, apparently, you have to click a link in Safari, but the flaw is in QuickTime... and not just on OS X. Link to comment Share on other sites More sharing options...
Recommended Posts