MacBook Hacked In Contest Via Zero-Day Hole in Safari 156
EMB Numbers writes "Shane Macaulay just won a MacBook as a prize for successfully hacking OS X at CanSecWest conference in Vancouver, BC. The hack was based on a Safari vulnerability found by Dai Zovi and written in about 9 hours. CanSecWest organizers actually had to relax the contest rules to make the hack possible, because initially nobody at the event could breach the computers under the original restrictions. 'Dai Zovi plans to apply for a $10,000 bug bounty TippingPoint announced on Thursday if a previously unknown Apple bug was used. "Shane can have the laptop, I want the money," Dai Zovi said in a telephone interview from New York. TippingPoint runs the Zero Day Initiative bug bounty program.'"
Re:So, if I reaf TFA correctly: (Score:5, Informative)
Re:So, if I reaf TFA correctly: (Score:5, Informative)
The rules originally required getting a user shell on a macbook connected to a wireless router without any other access, or getting a root shell under the same conditions on a second macbook without using the same bug.
The prize was the macbook(s) you hacked.
But they decided not enough people were interested, so 3Com added a $10,000 bounty for a winning bug.
But no one could crack it, so they set the machine up to visit malicious web pages submitted by email.
Then someone found a bug in Safari, and successfully crafted a webpage to exploit it to get user shell access.
Re:So, if I reaf TFA correctly: (Score:5, Informative)
The Register is more informative. (Score:2, Informative)
I wish they'd been more explicit as to what 'relaxing the rules' meant. But maybe that would've spoiled the story.
They allowed user activity, aka he browsed to a site he created for the purpose. It seems this is not a full auto worm type exploit of the kind common in the Windoze world. See here [theregister.co.uk]. It's hard to say if the problem was javascript of something like Flash called by it.
All the M$ tools are going to be underlining their popularity arguments and slinging mud at all the more secure OS. Even the Register indulged in a little of that kind of flamage.
Read a better article than the one linked. (Score:5, Informative)
This seems a little sensationalized... (Score:4, Informative)
Regular User (Score:1, Informative)
2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Al
Just to review the rules, the first box required a flaw that allows the attacker to get a shell with user level privilages. The second box, still up for grabs, requires the same, plus the attacker needs to get root.
http://cansecwest.com/ [cansecwest.com]
Re:So, if I reaf TFA correctly: (Score:3, Informative)
Re:Hey, good! (Score:0, Informative)
No he wasn't. He was the subject of a major Apple lead smear campaign which misrepresented his claims. The bug he found was actually fixed by Apple a few months later, but the usual bunch of apologists, even at the time Apple was fixing the bug, went out of their way to lie about what both Apple and the bug finders had done.
This [zdnet.com] basically explains what happened. Anyone who reads it and continues to claim anything from "the Airport hack didn't exist" to "Maynor and Ellch faked the demo" is, frankly,to use your language, a raging tool.
Re:So not the OS then! (Score:1, Informative)
there are some weird things in Safari... (Score:5, Informative)
Safari lets you include local files, for example...
i told apple (and got a lame reply that it would be fixed eventually) month ago, yet it still works.
see http://destabili.zation.eu/ [zation.eu] for a quick harmless example that can check what applications you got installed.
and then there is a way to crash Safari which exists for more than a year - again i had an email conversation where they wanted more info and crashreports - yet nothing was ever done about it.
http://lixlpixel.org/safaricrash/ [lixlpixel.org] and follow the instructions - but make sure you don't have any important tabs open...
Re:switcher (Score:2, Informative)
Well in the nightly Webkit builds the javascript engine has been overhauled, so chances are it's "already" fixed, in a sense. Up until now it's looked like Apple's been prepping that for a Leopard release, but maybe this will prompt them to move it up.
By the way, those Webkit nightlies are really looking strong. [ajaxian.com]
Re:Konqueror (Score:3, Informative)
Now, WebKit is developed in a public repository, and used by Nokia and others, as well as Apple. There has been some discussion of KDE abandoning KHTML and using WebKit for Konqueror, but this was met with mixed reactions. WebKit and HTML are now very different systems, although they share a common heritage and often import each others' changes when possible.