Subscribe to Liquidmatrix Security DigestNews FeedSubscribe to Liquidmatrix Security DigestComments

Browse > Home /

CanSecWest: Countering Misinformation

0

Here is a piece on the recent CanSecWest conference. This piece by Thom Holwerda is a response to an article that showed up on “Roughly Drafted“.

From OS News:

As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up; laptops running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability. During the first day, you can only attack the machine over the network, without physical access. On the second day, user interaction comes into play (visiting a website, opening an email). On the third and final day, third-party applications are added to the mix. Each machine had the same cash prize on its head. As you all know, the Mac was hacked first, on day two. The user only had to visit a website, and the Mac was hacked. Vista got hacked on the third day using a security hole in Adobe’s Flash, and the Ubuntu machine did not get hacked at all.

Good read. Check it out.

Article Link

Posted by Dave Lewis on Monday, March 31, 2008 at 8:11 am 
Filed under Conferences · Tagged with , ,

Two Minutes To MacBook

0

mbair.jpg

Well, CanSecWest (which I missed yet again) has hit the press with the hacking contest that saw the MacBook Air hacked in…2 minutes. The winner received 10K for his troubles. Now that is one helluva hourly rate.

From security.itworld .com:

Miller, best known as one of the researchers who first hacked Apple’s iPhone last year, didn’t take much time. Within 2 minutes, he directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he’s not allowed to discuss particulars of his bug until the contest’s sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.

Nicely done.

Article Link

Posted by Dave Lewis on Friday, March 28, 2008 at 7:17 am 
Filed under Conferences, Hacker · Tagged with , ,