Sunday, March 30

Mac gets hacked first in contest in 2 minutes!!!

All hypes and myths about Apple being the most secure OS, or at least being the last OS to be hacked may have been busted by Charlie Miller on Thursday when he managed to hack an Apple MacBoock Air in 2 minutes flat during the CanSecWest security conference's PWN 2 OWN hacking contest. Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages. Miller, best known as one of the researchers who first hacked Apple's iPhone last year, took advantage of the new privileges given by the jury and within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer. He was the first contestant to attempt an attack on any of the systems, and that was enough for him to win quick $10,000 and perhaps show how secure the MacBook Air was.

Full Story

Mac easiest to hack, says $10,000 winner
"[Mac OS X] security is better than it was three or four months ago," said Miller when asked to characterize Apple's current security status. "... We were equally capable of finding [a vulnerability] in Windows if we had to," he said.

TippingPoint, which acquired the vulnerability for its Zero Day Initiative bug-bounty program, said yesterday that it has reported the Safari flaw to Apple.