MacBook Air First To Be Compromised In Hacking Contest

Multiple readers have written to let us know that the MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000. We covered the contest last year, and the results were similar.

0wnership

[Anonymous Coward]

Ah, the pride of 0wnership.

do you hear that ?

[Anonymous Coward]

the sound of a million fanbois as they screamed Nooooooooooooo i sense i disturbance in the reality distortion generator set comments to flamebait and activate the extra moderation modules captain taco

Better headline

[BadAnalogyGuy]

Safari browser has massive security hole.

It's funny how they turned a huge hole in the Safari browser into a commercial for the Mac Air.

"Small size, big holes"

Re:do you hear that ?

[Lovat]

You are correct, sir. Flaimbait tags on both the story and half the comments here in 3 . . . 2 . . . 1 . . .

Keep the laptop

[iliketrash]

"The winner, Charlie Miller, gets to keep the laptop and $10,000."

You mean like when your airplane flight is cancelled and the airline offers you a free ticket. Or when the food at a restaurant is crappy and they give you a coupon to eat there again.

Would you want a Vista machine?

[Anonymous Coward]

Seriously... Microsoft can't even pay people to take it, let alone get them to put in effort to get one.

Re:Identical articles

[Anonymous Coward]

The Vista machine would have been hacked quicker if it ran faster

Re:Get the Facts is a better tag.

[Anonymous Coward]

Yes. The totally unbiased facts from a guy with "Mac" in his username.

Re:Ouch, that didn't take long.

[Almahtar]

The crap load is a metric unit?

Safari holed, so Apple pushes it to Windows ;)

[Marbleless]

So it is just coincidence that Apple are now pushing an unsafe Safari to Windows users (http://apple.slashdot.org/article.pl?sid=08/03/27/129236)?

Or am I being a conspiracy nut? ;)

Re:And in other news.....

[linumax]

"We Love Microsoft and Hate All Things Apple."

O_O Are we on the same slashdot?

We all are on the same website; some posters though, are inside the Reality Distortion Field.

Re:Ouch, that didn't take long.

[Anonymous Coward]

Sorry, you are confusing the Fuck-ton with the Ass-Load. The Imperial Ass-Load is the comparable unit. Fuck-ton is for measuring mass, not volume.

Re:Get the Facts is a better tag.

[exley]

The contest was also sponsored by the likes of Google, Cisco, Adobe, some security folk... They must all have it in for Apple, oh no Apple is screwed! Plus if you read how the contest [itworld.com] was run, it's hard to make the case that this was all pro-MS.

Get the facts... Up to the point where they support your agenda and then punt.

Re:I think this section is relevant

[mrbluze]

Pretty much says it all.

Yeah. A Laptop is safe, even connected to a network, provided you make no contact with the network as the user.

Like my car - very very safe as long as you don't back it out of the garage.

Re:It Might Have Been Harder if...

[moderatorrater]

You're right. With a stricter firewall, the browser wouldn't have been able to fetch anything over the internet at all.

Re:Identical articles

[Basehart]

"So the security will be even more relaxed on the third day because Ubuntu and Vista survived the first two days without a hack. The Mac finished last and is out of the race."

The Mac actually won because it was the first one to be exploited.

Re:Inquiring minds...

[moderatorrater]

Does "first to be compromised" mean the only one to be compromised?

At this time, it was the only one hacked. The contest continue tomorrow.

Is the contest completely over once one machine is cracked?

It continues tomorrow with more 3rd party apps installed that can be used to break into the system. I don't see much chance of the other two making it through tomorrow, but that depends on the programs they install.

If not, were Windows and Ubuntu cracked minutes or hours after OS X?

They're both still un-cracked.

Does using Firefox on OS X make it uncrackable?

If you plug one hole in a sieve, will it hold water?

Was each OS required to use it's own browser: IE, Safari, and Epiphany?

They had to use the software that comes pre-installed on the machine.

Since Firefox works on all 3 systems, wouldn't that be a better gauge of OS security?

Only if Firefox came preinstalled on all 3 systems.

Where did I come from?

Your mother's vagina. Hopefully you've never been back.

Why is the sky blue?

Do I look like Einstein?

Forking Acronyms

[Safiire Arrowny]

"Super user do", sounds better than "switch user do", so from here on, that's what it's going to stand for. I'm also changing the G in GNU to stand for GNU *is* Unix. Good day to you.

Re:That VAIO might be worth pwning

[jerw134]

If it were in my neighborhood, I might go by and pick one or the other up (if no one beat me to it). I want a lightweight portable to take on the train.

Yeah, I'm sure you could just drop by and win one of the laptops. You dolt, these people have been preparing for this contest for the better part of a year, and the Vista and Linux laptops still weren't hacked by the end of day two. I can tell by your posts that you're not that smart, so I have no idea how you think you'd win either of the laptops.

Re:Identical articles

[E IS mC(Square)]

"Maybe I'm being ignorant" he says. Give him a chance. Give him one. ..."but was the same attention devoted to hacking the other systems?" Naah.. he lost it, the ignorant fool.

Re:Owning Beauty

[el americano]

All the Apple patches in the world won't save you from this exploit

How about Firefox + NoScript? Actually I was hoping for an OS vulnerability, something where you can be targeted, but I suppose everyone deserves credit this time around.

Too bad David Maynor wasn't there. He woulda hacked the MacBook Air in 5 minutes!

Re:Better headline

[ilikejam]

There's a 'yo mama' joke in there somewhere.

Re:Identical articles

[Anonymous Coward]

If the winner got to keep it if they hacked it, maybe nobody *wanted* to hack the Vista machine? :-)

Re:do you hear that ?

[ta bu shi da yu]

The assumption that I was criticising him is all yours, good sir.

Re:Identical articles

[drsmithy]

Well, they let them use a Vista laptop because Windows 7 isn't available yet (not sure it means anything, but Microsoft is still an OS generation behind Apple).

You seem to have that arse-about-face. In every way except the display system, even Windows NT 3.51, dating from the early '90s, was a generation ahead of OS X until about 10.4/10.5. Vista leapfrogged ahead with the display system, while 10.4 and 10.5 brought in parity with lower level aspects like fine-grained locking and an ACL-based security system (albeit still only applicable to the filesystem). For all intents and purposes they're equivalent, although arguably Windows is slightly ahead because of its better display system and more active development time.

Re:I think the relevant part is:

[catwh0re]

While this does make sense on the surface, the point of failure is that the hackers are not just entering the competition and trying their luck with random keystrokes. Each person is coming to the event with something they have prepared earlier. (Hence why the machine fell in 2 minutes, it fell with the first attempt.) This hacker targeted the mac for the follow-on benefits, it's a valuable prize and it'll earn him a lot of press. Now he can charge more per hour for his security consulting.

No one is going to be interested in the fact that it required user-assistance and can't be executed remotely (which are by far the most worrisome.)