MacBook Air First To Be Compromised In Hacking Contest
Multiple readers have written to let us know that the MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000. We covered the contest last year, and the results were similar.
Re:Identical articles (Score:2, Interesting)
Owning Beauty (Score:2, Interesting)
Instead, if they had a choice they would attack the weakest machine and you'd see people voting with their feet as to which machine was the weakest. An actual measurement.
Instead you got a beauty contest. Which Apple apparently won.
Re:Owning Beauty (Score:3, Interesting)
More to the point, what you can't measure here is the real world vulnerability. I cringe at keeping my Linux machines up-to-date and protected. I rely on firewalls, not the machines. With the machines, which are production machines, it's a huge roll of the dice to try to apply a patch and descend into dependency hell and discover over the next week which parts of your production got broken and which need compat libs and so on. With my fleet of Macs, I don't hesitate to software update (well actually, unless the vulnerability is rampant I wait a week cause even Apple screws the pooch. But just a week, and then you know it's safe.)
So in the real world Macs are highly patched. MS can be and it's only a wee bit harder. (And when they fuck up (SP1) they go big, but it's mainly a function of your hardware.) Linux requires real expertise and knowledge of how your specific magic mixture of packages will be affected.
Re:Low? What's Low? (Score:2, Interesting)
A low integrity process cannot write to a high integrity process, so bad information (like malware) cannot get to the system. Likewise, it cannot write to any medium integrity objects (windows, files, processes, etc.), such as those owned by the user running the browser. This means that a buffer overflow exploit in a plug-in will not allow the code to write to the filesystem outside its sandbox, nor will it be able to do things like hijack your homepage.
Of course no security system will prevent you from entering your CC# into a fraudulent online store, so it still has to have a phishing filter.
dom
Tags? (Score:3, Interesting)
Just sayin...
Safe Browsing for real (Score:3, Interesting)
A real hero (Score:5, Interesting)
In other words this guy most likely found a security bug in Safari, but instead of reporting it directly, made an exploit and waited for a hacking contest to get a monetary benefit out of it. A real hero. Or maybe he was just quick. Which seems more plausible?
Re:Identical articles (Score:3, Interesting)
Congratulations sir. Apple hating Slashdotters' capacity for misquoting for libelous use and getting modded "insightful" for it never ceases to amaze me.
Alternate headline: Mac last hacked IRL (Score:5, Interesting)
I don't care if it's spyware, adware, a virus, a tray icon, or even just a simple browser toolbar or homepage or search-engine hijacking; or if it's installed manually or via drive-by methods--whether it's due to small market share, inherent (UNIX) security, or something else, I will continue to argue that Mac and Linux are the better platforms, IN PRACTICE, for the average user.