Macbook Hacked in 2 Minutes!

[guruparan]

Macbook (MacbookAir) got hacked withing 2 minutes!! :-)

Source: From Macworld

(http://www.macworld.com/article/132733/2008/03/hack.html)

Where: Security Conference open (http://cansecwest.com/post/2008-03-20.21:33:00.CanSecWest_PWN2OWN_2008)

:-D

Prize he won: 3 laptops (Sony Vaio, Fujitsu U810 and the MacBook ) + US$10,000

Edited March 27, 2008 by guruparan

[Hell-In-A-Handbasket]

OMG a computer got hacked when the hacker was actually at the computer, im so in trouble from hackers /sarcasm

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages

[Berserk87]

ha.

so did he pick the macbook? :p

OMG a computer got hacked when the hacker was actually at the computer, im so in trouble from hackers /sarcasm

read the article....he wasnt on the computer, he took control of it by "tricking" someone into going to a certain webpage, which has a malicious script on it, and gives him control of the hosts computer.

[PL_ Veteran]

OMG a computer got hacked when the hacker was actually at the computer, im so in trouble from hackers /sarcasm

Uhh, no, the hacker still wasn't allowed to touch the computer :huh:

[Hell-In-A-Handbasket]

directed people to go to a site, instructing somebody is about the same as actually doing it personally.

thats like ariving at somebodys door saying your from their bank and telling them to go to www.whatever.tv and having them enter their bank information to confirm they are who they say they are

[guruparan]

He got 3 laptops (Sony Vaio, Fujitsu U810 and the MacBook ) + US$10,000

[Numpad]

i could of won that.. i would of just asked the person on the laptop to bring it over to where i am.. Voila!

[Elessar]

directed people to go to a site, instructing somebody is about the same as actually doing it personally.

thats like ariving at somebodys door saying your from their bank and telling them to go to www.whatever.tv and having them enter their bank information to confirm they are who they say they are

You fail. Most sites tailored for specific countries start with two letters, for example, us.abc.com, i'm sure it would be simple to have someone click a link going to usa.abc.com which is controlled by the hacker who then gains access to your computer, not that hard and the person doing the clicking probably didn't suspect a thing.

[sundayx Veteran]

i could of won that.. i would of just asked the person on the laptop to bring it over to where i am.. Voila!

Yeah! go you!

[Thrawn]

directed people to go to a site, instructing somebody is about the same as actually doing it personally.

thats like ariving at somebodys door saying your from their bank and telling them to go to www.whatever.tv and having them enter their bank information to confirm they are who they say they are

No, you can get someone to go to a site by a maliciously placed link at a number of places (like a youtube video or something) or an email.

Honestly. OS X sux0rs. I bet my IE 7 with UAC protected mode wouldn't fall for something like this, lol.

[osirisX]

*Hands everybody flame-proof suits*

[Gary2MBz]

Now all those snob Mac users can weep with their false brainwashed statements. IT just goes to show you no OS even LINUX is safe from hackers. Just use COMMON SENSE when computing and don't tell me the Average Joe crap because he'd even hang himself trying to follow common sense.

[Hell-In-A-Handbasket]

there is a track history that proves that it would, especially since the hacker would have directed the operator to allow it

I bet my IE 7 with UAC protected mode wouldn't fall for something like this, lol.

[Eric Veteran]

directed people to go to a site, instructing somebody is about the same as actually doing it personally.

thats like ariving at somebodys door saying your from their bank and telling them to go to www.whatever.tv and having them enter their bank information to confirm they are who they say they are

No, that's like saying, "hey, check this new blog out at blog.whatever.tv" and it's not a blog, but a site that serves a maliciously crafted page.

[Hell-In-A-Handbasket]

the .tv was not serious, i didnt actually mean the country

and besides

Except for reserved names like .com.tv, .net.tv, .org.tv and others, any person in the world can register a .tv domain for a fee. In 2000, Tuvalu negotiated a contract leasing its Internet domain name ".tv" for $50 million in royalties over a 12-year period

You fail. Most sites tailored for specific countries start with two letters, for example, us.abc.com, i'm sure it would be simple to have someone click a link going to usa.abc.com which is controlled by the hacker who then gains access to your computer, not that hard and the person doing the clicking probably didn't suspect a thing.

and besides even that, this is not the least bit worrying

[Fonze]

You fail. Most sites tailored for specific countries start with two letters, for example, us.abc.com, i'm sure it would be simple to have someone click a link going to usa.abc.com which is controlled by the hacker who then gains access to your computer, not that hard and the person doing the clicking probably didn't suspect a thing.

The way domain names work is like a hierarchy. the part all the way to the right of the domain name is the top level, and the part all the way to the left is at the bottom. So in the example us.abc.com, com is at the top, and us is at the bottom.

com

|

abc

/ | \

jp us uk

So, in order for someone to create the domain usa.abc.com, they would have to gain control over the abc domain. If someone were to gain control over the abc domain, they could cause a lot more damage than just creating a new URL to trick people.

[team_NOOB]

*Hands everybody flame-proof suits*

:laugh: qft!

[j0nnymoe]

Now all those snob Mac users can weep with their false brainwashed statements. IT just goes to show you no OS even LINUX is safe from hackers. Just use COMMON SENSE when computing and don't tell me the Average Joe crap because he'd even hang himself trying to follow common sense.

Only reason its said that OS X/Linux users are safer from hackers than windows users, is because the amount of people that use windows and dont have a clue what they are doing with a computer, thus makin them a easy target for hackers

[DrunkenMaster]

I have an iMac .... I am invincible!!!!!!

:p

[MrFuji]

I have an iMac .... I am invincible!!!!!!

:p

Haha, just wait till a mean hacker directs you to a webpage with a malicious script on it :p

[DrunkenMaster]

Haha, just wait till a mean hacker directs you to a webpage with a malicious script on it :p

Nope. I am still Invincible. There are only nice hackers. No one will misdirect me to anything malicious.

[Elessar]

The way domain names work is like a hierarchy. the part all the way to the right of the domain name is the top level, and the part all the way to the left is at the bottom. So in the example us.abc.com, com is at the top, and us is at the bottom.

com

|

abc

/ | \

jp us uk

So, in order for someone to create the domain usa.abc.com, they would have to gain control over the abc domain. If someone were to gain control over the abc domain, they could cause a lot more damage than just creating a new URL to trick people.

I understand how domains are formed, i was commenting in regards to copycat/phishing sites where the goal is to look exactly like a legit site. In my example, a hacker could take that a step further and create a domain that looks very similar to the legit site.

[LTD]

**yawn**

Lets see what else is on . . .

[daveoc64]

I'm glad this has come out.

I'd rather that other Mac users woke up and realised that we AREN'T magically protected by Mac OS X and that given the knowledge of a flaw and what seems harmless to a user, damage can be done.

If anything, I'd say Windows users are a little better protected - not only do the browsers try and pick up on stuff (like phishing or fake sites), but they are also probably running Anti-Virus software and have a reasonable firewall in place - something which is rare on Mac OS X or Linux.

Edited March 27, 2008 by daveoc64

[Typhon]

God I want my 2 minutes of my life back. Yawn yawn let's see what other trash I can post up.