Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
"An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Permalink for comment 307050
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2005-07-13
It's worth remembering that when it came to attacks based directly at the platform rather than applications running on it, there were no contenders which bodes well for the default security posture of all three platforms.
Was this a case of OSX really going down, or was it related entirely to the flaw in Safari that opened the system to remote access?
I think it's an important distinction because this is the direction the blackhats are moving in. The days of open ports in Windows are over, even Microsoft has taken to a more responsible security design. Linux and OSX already had a natural advantage in this area. So attacks will no longer be against the platform, necessarily, but more against the applications running on top of them. Browsers, plugins, media players etc. will all be the focus of blackhat activity, and that is disconcerting because it means that vulnerabilities in an application on one platform could be easily transferable to other platforms. A flaw in firefox is often a flaw in firefox Win/OSX/*nix. The flaw in Safari that broke OSX could easily apply to the Windows version as well, hard to know without disclosure yet.
It's good that we have a choice of secure platforms to use, but now there is the whole issue of needing ISV's to take the same security approach that the OS vendors have often been forced to take, otherwise it will all be for naught. The platform can certainly help minimize the damage a rogue app exploit can occur in a cross-platform app, but it's still an issue that will need to be addressed.
As much as I'm tempted to giggle at bit at the fact that OSX was the first to go down, I don't think it's Apple the OSX vendor that should be blushing. It's Apple the software company that should be concerned, but that could just as easily have been Adobe or someone else. In fact, I was kind of expecting it to be Adobe with all of the flash issues they've had lately.
Anyways, will be interesting to watch and see what happens over the rest of the contest.