Mac hacked in 2 minutes


Recommended Posts

Express

Source: http://news.yahoo.com/s/infoworld/20080327...infoworld/96676

It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Link to post
Share on other sites
PricklyPoo

More proof that macs don't have better security than windows, just less hackers target macs...

Link to post
Share on other sites
EduardValencia
More proof that macs don't have better security than windows, just less hackers target macs...

+1

Link to post
Share on other sites
1Frothy

Right :rolleyes: and Vista and UAC is bulletproof too.

Link to post
Share on other sites
theyarecomingforyou
More proof that macs don't have better security than windows, just less hackers target macs...

Evidence that Macs have security flaws, not that they don't have better security. However, I would have to note that OSX has had a lot of security flaws recently - its claim to be more secure than Windows is certainly being erroded. Certainly market share is a factor.

Link to post
Share on other sites
.exo.
More proof that macs don't have better security than windows, just less hackers target macs...

agreed. and yes I use macs. granted unix IS a different beast than windows.

i've gotten just about everyone in my extended family to switch to macs just because they don't have to deal with the security-maintenance [scanning for viruses, malware, spyware, adware, etc.] on a regular basis (which none of them did when they had windows, and unfortunately I'm the family g33k). This made my life a lot easier not having to constantly fix their machines. Don't get me wrong, I think windows is excellent (and still use it daily) as long as you keep up with the security-maintenance.

Edited by EXO242
Link to post
Share on other sites
tomasarson
Right :rolleyes: and Vista and UAC is bulletproof too.

no one in this thread has said anything close to that.

Link to post
Share on other sites
EduardValencia
Right :rolleyes: and Vista and UAC is bulletproof too.

No but vista is much more secure than OSX

statistical results prove it

shhhhhhhhh

Link to post
Share on other sites
bloodrain
Right :rolleyes: and Vista and UAC is bulletproof too.

and that has anything to do with the brand new mac air being hacked...... how?

Link to post
Share on other sites
revvo
No but vista is much more secure than OSX

statistical results prove it

You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

Link to post
Share on other sites
funkyjunky

Blasphemy! *lol*

That's insane.. props to him :) Hopefully, in a rather few months, I'll be starting to really hack...

*keeps dreaming*

Link to post
Share on other sites
EduardValencia
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

Not said by the people who know,imagine all this vulnerabilities in Mac OSX with this tiny market share,then imagine if Mac OSX has 93% of market share (DANG!),now imagine that windows (Vista and XP) has lesser vulnerabilites with 750 million computers than OSX with 50 million pc at the most,and im being optimistic.

Can you see the breach?

Hope so,otherwise i'm so sorry :)

Link to post
Share on other sites
betasp

Physical access = hackable, no matter what the system.

Link to post
Share on other sites
bloodrain
Physical access = hackable, no matter what the system.

not true.

Link to post
Share on other sites
betasp
not true.

Name an OS? I can tell you how to pull data. Remember, even encrypted drives can be thwarted by reading the keys form memory.

Link to post
Share on other sites
neufuse

Here's a clue for people, the only time your system is hack safe is when it is not connected to a network! period!

Link to post
Share on other sites
EduardValencia
Here's a clue for people, the only time your system is hack safe is when it is not connected to a network! period!

+1

Link to post
Share on other sites
Express
Physical access = hackable, no matter what the system.

A webpage reading local files in not a physical access hack.

Link to post
Share on other sites
Eric
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

If it's more secure, why was it the first one hacked out of 2 Windows laptops and a MacBook? And that's exactly what the article is about.

Link to post
Share on other sites
betasp
A webpage reading local files in not a physical access hack.

Someone had to surf to the page....

Link to post
Share on other sites
betasp
A webpage reading local files in not a physical access hack.

Someone had to surf to the page....

Link to post
Share on other sites
EduardValencia

betasp,that avatar and phrase is amazingly funny,long time no see

Link to post
Share on other sites
Menge

i wonder what kind of exploit was used and how easy was to find it. (always good to keep safe, since i also own a Mac :p)

Link to post
Share on other sites
random_n
Physical access = hackable, no matter what the system.

That's true, but you can make it excruciatingly difficult. Look at the Xbox 360 - you'd think that by now somebody would have at least hacked a way to use hard drives with partitions larger than the retail drives. Or found a way to break out of the hypervisor and access the RSX chip in the PS3. And there are millions of those machines out there where people have full 24/7/365 unsupervised access to them, with quite a few looking to game the system.

It's the open-endedness of typical software that lends itself to bugs. Considering the alternatives, though, I'll stick with the bugs. :yes:

Link to post
Share on other sites
Brandon Live
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

There are two major problems with that claim:

1) How do you define "BSD" and that BSD is "more secure than Windows?" There are several different BSDs, and the one regarded as most secure is OpenBSD - because it includes basically nothing. OpenBSD bears no relation to OS X.

2) Mac OS X is only very loosely based on BSD. While it does have a BSD kernel (and a Mach kernel, in a really funky arrangement), its userland, core libraries, and applications are almost entirely custom Apple code and design - with no real emphasis on security. Apple simply doesn't have the same experience writing secure software that Microsoft does. Ridicule Microsoft all you want, but they / we have learned a whole lot from what Windows has been through over the last decade. Security has become a core part of development at Microsoft. So far, Apple has done little to show that they can do the same.

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.