daveinpoway
join:2006-07-03
Poway, CA | Hackers to challenge Windows, Mac OS X and Linux next week
Read about it here: »www.computerworld.com/action/art···M&nlid=8 |
|
garys_2k
join:2004-05-07
Farmington, MI | Great. We'll all be better off when the new bugs they exploit are patched. |
|
LanDroid2
join:2004-12-20
Cincinnati, OH |  reply to daveinpoway
Any predictions?   |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV | reply to daveinpoway
I am guessing vista will be the easiest of the 3 to hack.
--
Best RegardsVampirefo |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA | reply to daveinpoway
Since the requirement is for a 0 day attack, I'm guessing Ubuntu. It's been the least tested in the wild, and vulnerabilities in it are worth less than the other two to gray hats. |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV
 ·Comcast
| said by mikenolan7  :Since the requirement is for a 0 day attack, I'm guessing Ubuntu. It's been the least tested in the wild, and vulnerabilities in it are worth less than the other two to gray hats. that's interesting, you think a linux distro will be hacked quicker than a windows box.
time will tell, but my money is on windows folding the fastest. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA | I always pick the underdog. 
With that kind of cash and cred on the line, it may depend on who gets to go first. |
|
Cabal
Premium
join:2007-01-21
02101
| reply to LanDroid2
Whoever gets lucky in the drawing to be first in line for their 30 minutes alone with the system of their choice. I'm sure at least one person has collected a few in anticipation of the event.
--
Interested in open source engine management for your Subaru? |
|
Link Logger
Premium,MVM
join:2001-03-29
Calgary, AB
·Shaw
| reply to Vampirefo
said by Vampirefo :I am guessing vista will be the easiest of the 3 to hack. I'll say that OS X will be the first to fall again, and once again Apple will refuse to accept that it was owned, just like last year.
Blake |
|
chrisretusn
Retired
Premium
join:2007-08-13
Philippines | reply to daveinpoway
Well it could be any of the three. I'm going with Ubuntu or OS X, but I'm not betting on it. |
|
daveinpoway
join:2006-07-03
Poway, CA | Here's an update: »news.yahoo.com/s/infoworld/20080···ld/96604 |
|
EGeezer
Spring is here
Premium
join:2002-08-04
Central Ohio
clubs:
 ·AT&T CallVantage
·RoadRunner Cable
| reply to daveinpoway
I'd like to see them to do a challenge on various web servers with copies of real web sites and sample data (real data replaced with sample information to protect the innocent).
I think this would be a revelation...
--
Mayors of New York come from nowhere and go nowhere.
Wallace Sayre (apparently, so do governors... ) |
|
Just Basics
join:2003-06-08
Painter, VA | reply to daveinpoway
Nothing on day one:
»dvlabs.tippingpoint.com/blog/200···-results |
|
SUMware
Premium
join:2002-05-21
edit:
March 27th, @01:13PM
| said by Just Basics :Nothing on day one Because... quote:
By late Wednesday -- the first day of the contest, nobody had even tried to hack the three laptops. This wasn't exactly a surprise to the contest's organizers because on day one attackers were only allowed to use network-based attacks that involved no user interaction. Those type of attacks are extremely rare these days.
[emphasis added] |
|
Steve
SAS-70 is extortion
Consultant
join:2001-03-10
Tustin, CA
| reply to Vampirefo
said by Vampirefo :I am guessing vista will be the easiest of the 3 to hack. If I had a zero-day Vista remote attack, I'd never waste it on something like this. I'd instead sell it for far, far more money on the black market.
Steve
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site |
|
SUMware
Premium
join:2002-05-21
edit:
March 27th, @06:37PM
| reply to daveinpoway
MacBook Air falls in two minutes
From InfoWorld
March 27, 2008 - said by IW :
Gone in 2 minutes: Mac gets hacked first in contest
CanSecWest's PWN 2 OWN contest was won in 2 minutes -- after the rules were relaxed a bit -- as Charlie Miller hacked a MacBook Air
It may be the quickest $10,000 Charlie Miller ever earned.
He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.
Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.
He was the first contestant to attempt an attack on any of the systems.
Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.
Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.
From TippingPoint Digital Vaccine Laboratories
27 Mar 2008 - said by DV Labs :
PWN to OWN Day Two: First Winner Emerges!
Congratulations to our first winner of the CanSecWest PWN to OWN contest! At 12:38pm local time, the team of Charlie Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators have successfully compromised the Apple MacBook Air, winning the laptop and $10,000 from TippingPoint's Zero Day Initiative. They were able to exploit a brand new 0day vulnerability in Apple's Safari web browser. Coincidentally, Apple has just started to ship Safari to some Windows machines, with its iTunes update service. The vulnerability has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Apple who is now working on the issue. Until Apple releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You can track the vulnerability on the Zero Day Initiative upcoming advisories page under ZDI-CAN-303.
[Edit: Added second article info] |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV | reply to daveinpoway
Re: Hackers to challenge Windows, Mac OS X and Linux next week
Ok, I was wrong, LOL. |
|
Vampirefo
Premium,MVM
join:2000-12-11
Huntington, WV | reply to Steve
true, LOL. |
|
mikenolan7
Premium
join:2005-06-07
Torrance, CA | reply to daveinpoway
Link Logger wins the pool. Guess we each owe him $, Vampirefo. |
|
RadioDoc
Put Out The Cat
Premium,ExMod 2000-03
join:2000-05-11
Chicago, IL
 ·AT&T Midwest
| reply to Link Logger
Bragging rights to Blake.
This one is pretty bad though. It is pretty normal websurfing and/or email-reading behavior and even though people really should know better than click on links they aren't sure of, how many OS X users have been brainwashed into thinking they can't get infected or 'owned' so they are not really on guard as they should be?
I would call this a pretty serious "hack" since it really doesn't require anything but a plain vanilla OS X installation and normal surfing behavior.
--
Toolmaster of La Grange. |
|
