+ Post New Thread
Page 1 of 4 1234 LastLast
Results 1 to 15 of 47
Mac Thread, So much for Macs being secure in Technical; MacBook Air falls in two minutes at PWN 2 OWN | Zero Day | ZDNet.com Told you Mac's sucked :P ...
  1. #1
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,079
    Thank Post
    116
    Thanked 70 Times in 48 Posts
    Rep Power
    56

    So much for Macs being secure

    MacBook Air falls in two minutes at PWN 2 OWN | Zero Day | ZDNet.com

    Told you Mac's sucked :P
    Be interesting to see who wins between vista and linux today.

  2. #2

    Michael's Avatar
    Join Date
    Dec 2005
    Location
    Birmingham
    Posts
    9,241
    Thank Post
    239
    Thanked 1,567 Times in 1,249 Posts
    Rep Power
    339

  3. #3
    Disease's Avatar
    Join Date
    Jan 2006
    Posts
    1,079
    Thank Post
    116
    Thanked 70 Times in 48 Posts
    Rep Power
    56
    ho ho I could not be arsed to search. oh well.

  4. #4
    torledo's Avatar
    Join Date
    Oct 2007
    Posts
    2,928
    Thank Post
    168
    Thanked 155 Times in 126 Posts
    Rep Power
    47
    'According to sources at the conference, Miller used an exploit against the Safari browser that ships standard with Mac OS X. Details of the vulnerability and the attack vector are now the property of TippingPoint’s ZDI (Zero Day Initiative), the sponsor of the Pwn2Own challenge'


    More like Safari sucks.

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,802
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224
    TippingPoint | DVLabs | PWN to OWN: Final Day's Results and Wrap Up

    The vista and the ubuntu machine are still standing. The rules have been further relaxed.

    we are now opening up the the scope of the targets beyond just default installed applications on those laptops; any popular 3rd party application (as deemed "popular" by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise
    I'm expecting the Vista machine wont last long under these circumstances.

  6. #6

    mac_shinobi's Avatar
    Join Date
    Aug 2005
    Posts
    9,680
    Thank Post
    3,210
    Thanked 1,030 Times in 955 Posts
    Rep Power
    361

    how are they setup ?

    can't open that article ( at least not from work ) but was curious as to how they set up each machine do they configure firewalls and other mechanisms before they allow them to try to gain access to each machine or is it just a base line pre installed image that each machine already came with ?

  7. #7
    joe90bass's Avatar
    Join Date
    Oct 2007
    Location
    S Wales
    Posts
    1,349
    Thank Post
    322
    Thanked 107 Times in 96 Posts
    Rep Power
    50
    @gecko They're as shipped by the vendor:

    The Cash Prizes
    All machines will be fully patched and in a default configuration. Simply put, if the vendor shipped it on the box and it's enabled, it's in scope.


    Day 1: March 26th: Remote pre-auth
    All laptops will be open only for Remotely exploitable Pre-Auth vulnerabilities which require no user interaction. First one to pwn it, receives the laptop and a $20,000 cash prize.
    The pwned machine(s) will be taken out of the contest at that time.

    Day 2: March 27th: Default client-side apps
    The attack surfaces increases to also include any default installed client-side applications which can be exploited by following a link through email, vendor supplied IM client or visiting a malicious website. First one to pwn it receives the laptop and a $10,000 cash prize.
    The pwned machine(s) will be taken out of the contest at that time.

    Day 3: March 28th: Third Party apps
    Assuming the laptops are still standing, we will finally add some popular 3rd party client applications to the scope. That list will be made available at CanSecWest, and will be also posted here on the blog. First to pwn it receives the laptop and a $5,000 cash prize.

    *To accommodate any individuals who may not have gotten a chance to take a stab at the machines, we'll provide the opportunity onsite for folks to submit their vulns through the normal ZDI process if they'd like to be compensated for their discovery.

    The awards ceremony will take place at the end of the day on the 28th. More details and daily results from the contest will be posted here on our blog. Please feel free to ask questions in the Comments section of this posting and we will try to answer them in a timely manner.

    Update - see our main blog index for the most recent daily updates from the contest.

  8. #8

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    *yawn*

  9. #9


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by Disease View Post
    Be interesting to see who wins between vista and linux today.
    Vista was compromised.

    So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.
    Cue MS apologist: It's more secure because no-one uses it, its adobe's fault etc.....

  10. #10

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,400
    Thank Post
    636
    Thanked 961 Times in 661 Posts
    Blog Entries
    2
    Rep Power
    319
    One-Nil-Nil to open source

  11. #11

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,131
    Thank Post
    1,907
    Thanked 1,342 Times in 741 Posts
    Blog Entries
    3
    Rep Power
    395

  12. #12
    bizzel's Avatar
    Join Date
    Jul 2007
    Location
    Cambridge
    Posts
    654
    Thank Post
    102
    Thanked 204 Times in 72 Posts
    Rep Power
    51
    Quote Originally Posted by tech_guy View Post
    I thought this was long fixed? The article is from 2006.

  13. #13

    Join Date
    Jul 2005
    Location
    Corby
    Posts
    1,056
    Thank Post
    12
    Thanked 20 Times in 18 Posts
    Rep Power
    24
    Edited: a 2006 article is used to try and prove something. What, I don't know!

    I mean- imagine a hardware vendor having hardware issues?
    Last edited by kingswood; 29th March 2008 at 05:22 PM.

  14. #14

    tech_guy's Avatar
    Join Date
    May 2007
    Location
    That little bit in the middle of Little Old England
    Posts
    8,131
    Thank Post
    1,907
    Thanked 1,342 Times in 741 Posts
    Blog Entries
    3
    Rep Power
    395
    D'oh, I just clicked on the link at the bottom of the original story about the hack - didn't see the date. Whoops. Oh poop. Whatever.

  15. #15


    Join Date
    Jan 2006
    Posts
    8,202
    Thank Post
    442
    Thanked 1,032 Times in 812 Posts
    Rep Power
    339
    Quote Originally Posted by tech_guy View Post
    D'oh, I just clicked on the link at the bottom of the original story about the hack - didn't see the date. Whoops. Oh poop. Whatever.
    I guess Zdnet don't carry so many OSX security stories

SHARE:
+ Post New Thread
Page 1 of 4 1234 LastLast

Similar Threads

  1. Sibelius & F-secure
    By pallen in forum General Chat
    Replies: 3
    Last Post: 31st January 2008, 08:04 PM
  2. Secure Printing
    By FreeWill in forum Wireless Networks
    Replies: 2
    Last Post: 9th October 2007, 11:45 AM
  3. How secure is a VLAN?
    By Ben_Stanton in forum Wireless Networks
    Replies: 5
    Last Post: 26th July 2007, 09:15 AM
  4. Making RDP more secure
    By mattx in forum Windows
    Replies: 2
    Last Post: 7th February 2007, 01:52 PM
  5. Secure Folder
    By SimpleSi in forum Windows
    Replies: 17
    Last Post: 5th October 2006, 12:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •