Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
Privacy, Security, Encryption "An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Thread beginning with comment 307119
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Here you go!1
by pxa270 on Sat 29th Mar 2008 09:36 UTC in reply to "Here you go!1"
Member since:

I mean, come on, who here can believe that he came just like that and pull out an exploit magically. He prepared that exploit well before, he knew about it, and he was just waiting the moment that they relax the exploit methods to show up. No way that i can believe that he was not targeting the mac well before the context begins.

Nobody is asking you to believe that. Miller stated in his interview afterwards that it took him about 3 weeks to prepare the exploit. All teams were informed of the rules well in advance for all system. The whole point of the contest was to encourage researchers to find previously unknown or undisclosed holes. Miller found one in OS X. No other team found any in Vista or Ubuntu.

And no way that i can believe that the same thing could not gave been done for linux or windows. I mean there are a lot of researchers looking for exploits in Linux and associated softwares, so i can't believe that no one could not use one exploit and make it work if he/she would really wants it. The point is that the mac was the primarily target during this context, that's a matter of fact. Lets face it, that sounds well more sexy to say that the mac was hacked than to say it for linux or windows.

You should read the rules of the contest that others have conveniently summarized. All 3 systems were equally attacked. The contest wasn't over after the Mac went down, it continued for the rest of the day on the Vista and Ubuntu under the same rules, both had their own cash prizes to win, and both survived the day. So you can choose to believe that the teams attacking Vista and Ubuntu weren't interested in $10,000 and a free laptop or were plain incompenent (although one of the Vista attackers exploited the Mac through Quicktime last year, oops). Or you can stop trying to find excuses and just accept that OS X + Safari was just easier to crack than Vista + IE7 or Ubuntu + Firefox.

This context does not prove anything, he just shows that security researchers make their job and that they got more exited when hacking the mac.

Well, it also proves that some people will engage in silly rationalizations when reality clashes with their preconceived notions.

The rules were fair. The Mac lost. It's just that simple.

Reply Parent Score: 12

RE[2]: Here you go!1
by h3rman on Sat 29th Mar 2008 13:05 in reply to "RE: Here you go!1"
h3rman Member since:

Or you can stop trying to find excuses and just accept that OS X + Safari was just easier to crack than Vista + IE7 or Ubuntu + Firefox.

Please stop trying to iHurt people's iReligious iFeelings.

Reply Parent Score: 7

RE[2]: Here you go!1
by tweakedenigma on Sat 29th Mar 2008 16:14 in reply to "RE: Here you go!1"
tweakedenigma Member since:

I agree the Mac lost hands down, Although I would like to see what the exploit involved before I pass judgment. Vista was eventually broken after adding Java(or Flash I can't remember) to the mix and Apple has that software pre-installed on the OS. But time will tell and we will know when its all out in the open.

Reply Parent Score: 2