Mac hacked in 2 minutes


the cracking contest doesn't really count

This is exactly the response I would expect from Steve Jobs because I think he honestly believes his gadgets are invincible, even with proof thrown in his face. Poor guy.

Back to reality now...

I hope this demonstrates to everyone who fell for Apple's hype and perhaps opens their eyes to the FACT that Macs are designed and programmed by humans. They are subject to human error and can never, ever be 100% perfect. This goes for any other hardware or software out there. No one should expect it and no one should promise it.

You might want to be a little careful with those claims.

Actually, the claims appear to be valid. Microsoft did a tremendous amount of security work in the past few years. The number of exploits in MS products since they started rolling out in 2005 is quite low. On the other hand Apple seems to be patching more lately, and their number of unpatched exploits is slowly creeping up.

If it's more secure, why was it the first one hacked out of 2 Windows laptops and a MacBook? And that's exactly what the article is about.

Maybe he just wanted a macbook air for free?

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network
He was the first contestant to attempt an attack on any of the systems.

:huh:

Also, how do you measure the time it took him to hack it? It's just the time from the start of the contest? Does it count the time it took him to set up the web page? Or all the previous research?

Edited by ichi

well put.

More to the point, rather than bashing Apple for having a computer that can be exploited by a person with physical access to it (very very very very few workstations will not be exploitable), shouldn't we be lauding the guy who did it as a genius?

bloody fanboy threads! :)

true, but I think a lot of exploits are with 3rd party software, like MS. but MS has more as there is more 3rd party software available making holes

agreed, but genius would be too much I feel, more along the lines of "knows his stuff"

It was social engineering however so the cracking contest doesn't really count - this is no different than me putting up an iFrame vulnerability that exists in IE6/IE7 even today.

99% of all hacks are via social engineering. There is no difference between tricking someone on the phone into believing you're with the IT department and need their password and tricking them into going to a web site that isn't what they expected.

Anyone using MSN yesterday should be very aware how easy it is to blow up your IE because I kept getting messages from people asking me to click a certain link that opened an iframe and affects all IE6 and IE7 (also Vista, because most of the people on the list who sent me the message were Vista users).

Erm... "Open an IFrame?" It's part of a web page. An IFrame is simply a frame that isn't anchored to a page edge and may therefore be obfuscated. (Like overlaying a fake forum menu on top of the real one.)

I have to admit I'm glad to see this. Too many times Apple (not all) users delude themselves and act as if Apple is the savior or something when it is really just the same <snipped> different pile.

Edited by John S.
circumvention of swear filter

but then all the Mac users couldn't say "hey I don't need antivirus, I'm on a Mac"

Circaflex,

Contrary to popular belief not all of us Mac users think like that or even consider that to be the case. Many of us are actually quite security conscious. I run antivirus to protect myself, as well as to prevent myself from inadvertently sending nasties off to my PC-using friends.

and your reply to the Windows PC is actually true, it was done in my Security Class before I graduated, just like I also used the MMC to remotely connect to a machine across the classroom and edited their registry (entries in MMC go to registry) to lock their start menu, edit permissions. and at a LAN party as a practical joke, inserted a couple porn vids to a friend's startup. if I have physical access to it but it's locked, I can BART it, remove the PW, load the registry into BART, edit that, and do whatever else to the system

You have to be on the same network as the machine, and have the Admin password to do that...

there was more involved than going to a site

there is no Bull***, it's fact as I've done it, my job requires me to break into a system @ customer's request, or recover files/information if they can no longer access their computer

You need to stop posting and read the article.

"Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on."

ALSO

"Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser."

There was NOT more involved than visiting a web site.

And as for your security experiences, it's getting more fanciful every time, so I just don't believe a word of it now.

Edited by GreyWolfSC

you missed where I said "connect to a machine across the classroom"

and all passwords can be bypassed, or gotten

What he wanted makes no difference in whether the exploit happened or how long it took. And I think measuring it from "go" to the hack working is fair. How would you measure time for a real exploit? From the time that the user encounters it to the time that access is obtained, of course.

I would post my CompTIA certs, but because I would block out the comp001003****** CareerID number as well as my name and date validated, it would just be the same as posting a random pic of a cert, just with more numbers

Wouldn't help. I know people that have Bachelors in Computer Science that can hardly even use a computer.

you can get an A+ and can barely use a computer as that test was easy, the MS and above A+ actually require some thought, tests for MCSE were a pain when I took them 3-4 years ago

why I went with certs instead of Computer Science, because I've experienced the same people that you're talking about, and a lot of companies view certs over a Computer Science degree, heck my interview for MS (Contractor in Reston VA for Network Engineer) main thing they asked about were my certs and RAID50 (mainly just asked if I was MCSE or could be in 3 months), didn't even ask once about a degree

but you got it in your head that I supposedly don't know squat, and I'm sure nothing will change that

*Edit* because I have a feeling it will come up, just because I had an interview, I do not work for MS, I don't like to sit behind a desk, it sucked @ DoE in Germantown, I'm pretty sure it still does.

Edited by Hell-In-A-Handbasket

agreed

I've been saying this for a while, as Apple's user base increases, more and more hackers will divert their attention towards Macs. it's only a matter of time before even more exploits are found. plain and simple.

market share has nothing to do with vulnerabilities, the holes are there regardless of how many use a system

Well that assumption isn't correct, can you explain why OSX had a surge in vulnerabilities the last 2 years? (approx)

Obviously the OS has evolved since, but evolved negatively or positively? I have no doubt that it has evolved in a positive manner, however the switching to the x86 architecture, the introduction of new features not related to designers, and the increasing user base, this brings whole new choices of configurations in every system.

This reason makes me believe that OSX is entering a dangerous era, in a few words OSX isn't a Multistellar OS, and this transition will cause a lot of damage, this means that Apple has no idea which terrain it is entering, competing with an experienced and dominant Windows, that has been tested and tested by hundreds of millions of people all over the world, with I may say infinite configurations, and this is the day that Windows still has problems with drivers from many manufacturers.

Apple proposed this challenge

and Microsoft says "bring it on"

My opinion, if a human makes it, there is always another human who can break it. Whether it's Linux, Windows or OS X. So, I see no surprise in this. P.S. that guy already had hacked the iPhone last year, which runs the same browser, so no wonder he did it in 2 minutes.

P.S. Why are there 2 threads on the same topic?? This is the other one:

https://www.neowin.net/forum/index.php?show...628158&st=0

We have a company called MSI in our hospital this week, doing security checks via DDoS attacks, etc. on our network to see how secure we are, we run a strict MS network and so far they've managed to bring down 5 systems since Monday

Windows is scary.

This topic is now closed to further replies.