Mac hacked in 2 minutes

By Express
in Back Page News

 Share

Recommended Posts

Veteran

Express

Posted
Posted

Source: http://news.yahoo.com/s/infoworld/20080327...infoworld/96676

It may be the quickest $10,000 Charlie Miller ever earned.

He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Link to comment
https://www.neowin.net/forum/topic/628192-mac-hacked-in-2-minutes/
Share on other sites
Grand Master

theyarecomingforyou

Posted
Posted
More proof that macs don't have better security than windows, just less hackers target macs...

Evidence that Macs have security flaws, not that they don't have better security. However, I would have to note that OSX has had a lot of security flaws recently - its claim to be more secure than Windows is certainly being erroded. Certainly market share is a factor.

Community Regular

.exo.

Posted
Posted (edited)
More proof that macs don't have better security than windows, just less hackers target macs...

agreed. and yes I use macs. granted unix IS a different beast than windows.

i've gotten just about everyone in my extended family to switch to macs just because they don't have to deal with the security-maintenance [scanning for viruses, malware, spyware, adware, etc.] on a regular basis (which none of them did when they had windows, and unfortunately I'm the family g33k). This made my life a lot easier not having to constantly fix their machines. Don't get me wrong, I think windows is excellent (and still use it daily) as long as you keep up with the security-maintenance.

Edited by EXO242
Grand Master

EduardValencia

Posted
Posted
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

Not said by the people who know,imagine all this vulnerabilities in Mac OSX with this tiny market share,then imagine if Mac OSX has 93% of market share (DANG!),now imagine that windows (Vista and XP) has lesser vulnerabilites with 750 million computers than OSX with 50 million pc at the most,and im being optimistic.

Can you see the breach?

Hope so,otherwise i'm so sorry :)

Grand Master

Eric Veteran

Posted
  • Veteran
Posted
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

If it's more secure, why was it the first one hacked out of 2 Windows laptops and a MacBook? And that's exactly what the article is about.

Mentor

random_n

Posted
Posted
Physical access = hackable, no matter what the system.

That's true, but you can make it excruciatingly difficult. Look at the Xbox 360 - you'd think that by now somebody would have at least hacked a way to use hard drives with partitions larger than the retail drives. Or found a way to break out of the hypervisor and access the RSX chip in the PS3. And there are millions of those machines out there where people have full 24/7/365 unsupervised access to them, with quite a few looking to game the system.

It's the open-endedness of typical software that lends itself to bugs. Considering the alternatives, though, I'll stick with the bugs. :yes:

Grand Master

Brandon Live Veteran

Posted
  • Veteran
Posted
You don't even need stats, OSX being based on BSD that's already loads more secure than any Windows version out there. That's not what the article's about anyway.

There are two major problems with that claim:

1) How do you define "BSD" and that BSD is "more secure than Windows?" There are several different BSDs, and the one regarded as most secure is OpenBSD - because it includes basically nothing. OpenBSD bears no relation to OS X.

2) Mac OS X is only very loosely based on BSD. While it does have a BSD kernel (and a Mach kernel, in a really funky arrangement), its userland, core libraries, and applications are almost entirely custom Apple code and design - with no real emphasis on security. Apple simply doesn't have the same experience writing secure software that Microsoft does. Ridicule Microsoft all you want, but they / we have learned a whole lot from what Windows has been through over the last decade. Security has become a core part of development at Microsoft. So far, Apple has done little to show that they can do the same.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Qualcomm's new Snapdragon Reality Elite chip brings on-device AI to Android XR devices

      By pradeepviswav · Posted

      Qualcomm's new Snapdragon Reality Elite chip brings on-device AI to Android XR devices by Pradeep Viswanathan Qualcomm has been delivering dedicated SoCs for mixed reality and spatial computing devices for several years. The journey started with the Snapdragon XR1, followed by the Snapdragon XR2 in 2019, the Snapdragon XR2 Gen 2 in September 2023, and finally the Snapdragon XR2+ Gen 2 in 2024. Today, Qualcomm announced a major upgrade with the new Snapdragon Reality Elite Platform, which targets premium mixed reality and spatial computing devices. OEMs can use this SoC to power both all-in-one video-see-through headsets and lightweight, tethered optical-see-through glasses. Qualcomm highlighted that the Snapdragon Reality Elite will power the next wave of Android XR devices coming later this year. These wearables will offer better visuals, improved power efficiency, and deeper on-device AI integration compared to the previous generation. The Snapdragon Reality Elite can deliver up to 48 TOPS of AI performance, allowing large language models and large vision models to run directly on the device for the first time. In addition to enabling new spatial AI experiences, these new AI capabilities will improve head and hand tracking, as well as see-through features. On the performance side, the Snapdragon Reality Elite offers up to 60% higher GPU performance, up to 30% higher CPU performance, and up to 160% higher NPU performance compared to the previous generation. The platform supports visuals of up to 4.4K per eye at 90 frames per second for sharper images and smoother motion. Qualcomm is also claiming significant efficiency improvements. The Snapdragon Reality Elite can offer up to 20% longer battery life under the same workload. More importantly, the chipset can run up to 12 degrees Celsius cooler under load, making headsets more comfortable for users to wear for longer periods. The platform also includes improvements to video see-through, featuring lower latency and better image quality. Qualcomm states that its EVA hardware block helps accelerate demanding computer vision workloads, improving how digital content blends with the real world.
    • Report: Microsoft to use AWS to help GitHub deal with a major surge in demand

      By Nas · Posted

      Umm... GitHub continues to use AWS. That's the story, that's the headline. There's no "new" news here. GitHub continues to require additional capacity beyond the originally-planned Azure allocations. There's nothing special about this; nothing noteworthy. They're still using AWS' infra until the cutover is complete.
    • what other retro software do yall use

      By goretsky · Posted

      Hello, Also known for https://www.theguardian.com/technology/2009/jan/29/adware-internet.   Regards, Aryeh Goretsky    
    • You pay just $100 per TB with this rare 4TB PCIe Gen4 NVMe SSD deal

      By goretsky · Posted

      Hello, I have used a few TEAM Group SSDs, USB flash drives, and Micro SDXC cards in the past. They all seemed to work fine. Regards, Aryeh Goretsky
    • You pay just $100 per TB with this rare 4TB PCIe Gen4 NVMe SSD deal

      By vjlex · Posted

      "just $100 per TB"? Just? Are we trying to make this seem like the new normal? Kinda weird to make it sound like that is not a ridiculously expensive asking price.

  • Recent Achievements

    • Collaborator
      vjlex earned a badge
      Collaborator
    • Reacting Well
      Dys Topia earned a badge
      Reacting Well
    • Conversation Starter
      NovaEdgeX earned a badge
      Conversation Starter
    • One Year In
      Console General earned a badge
      One Year In
    • Week One Done
      Twozo Technologies earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      517
    2. 2
      +Edouard
      182
    3. 3
      PsYcHoKiLLa
      106
    4. 4
      Steven P.
      88
    5. 5
      ATLien_0
      68
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!