Mac's hacked in seconds second year running!

Printable View

19th March 2009, 01:02 PM
ZeroHour

Mac's hacked in seconds second year running!

Quote:

Many people may remember Charlie Miller from last year's event where he successfully hacked a MacBook and was able to take control over it within seconds, walking away with the MacBook and the grand prize.

Charlie Miller once again successfully hacked the fully patched MacBook by exploiting a security vulnerability in Safari, Apple's web browser. The hack was accomplished by the team clicking on a link that took control of the machine within seconds. Charlie Miller walked away with the MacBook and the $10,000 top prize after successfully hacking the MacBook the fastest.

TippintPoint's Zero Day Initiative has acquired exclusive rights to the vulnerability, and will work with Apple to patch the flaw. Details about the attack will not be disclosed until the patch is ready.

Source: MacBook hacked in seconds, again

LOL epic fail again!
19th March 2009, 01:04 PM
Domino

He had the vuln ready almost since last year...the mac only went down first becasue he had first crack..

You'll notice firefox and IE went down just after as well - only chrome is still up (no opera in this one..)

and I don't know how good their reporting is...but its $5,000 per browser, and the machine you compromised
19th March 2009, 01:15 PM
ZeroHour

It went down fastest because it was easiest!
The other thing is most mac users dont run any security software since they think they are immune. If you were targeted by this hack you wouldnt even know it happened properly where as at least windows users have a chance of it being found via AV,windows defender, windows update malware pack.
Thats the real point of this, your mac is LESS SECURE THEN WINDOWS VISTA! run software to secure yourself as appropriate and dont just believe lord jobs.
19th March 2009, 01:25 PM
Little-Miss

As if there are even competitions out there!! :eek:

I suppose its better then finding out the hard way...
19th March 2009, 01:35 PM
somabc

Quote:

Originally Posted by ZeroHour

It went down fastest because it was easiest!
The other thing is most mac users dont run any security software since they think they are immune. If you were targeted by this hack you wouldnt even know it happened properly where as at least windows users have a chance of it being found via AV,windows defender, windows update malware pack.
Thats the real point of this, your mac is LESS SECURE THEN WINDOWS VISTA! run software to secure yourself as appropriate and dont just believe lord jobs.

Don't believe the hype, windows so called security products would have done nothing to protect you here. These hackers used vulnerabilities that only they knew about, not anything your AV scanner would have picked up. Also they had to click on a link to be infected they could not infect the mac without access.

PS The Mac was competing with Windows 7, not Vista.
19th March 2009, 01:43 PM
ZeroHour

Yeh vista took longer to hack and they used FF on it. These holes could very easily be known about by the crims considering they are paid much more to find them. Just because no one has found live usage of the exploits it doesnt mean there wont be.

I know the limitations of the windows freebies but its better then nothing like what you get on a mac. At least there is a chance they find a way to remove it and send it out. TONS have been fixed this way if you pull the stats and it has helped a lot of people.

My point truly is, if you have a mac and think your immune and dont need AV software think again!
Its for those out there that think it cant get hacked or that its somehow magically better then windows.
19th March 2009, 01:49 PM
Domino

they took about the same time to hack -

'go to this site, click on that'

the mac guy went first.....cause he won last year
19th March 2009, 01:57 PM
Butters

Quote:

Originally Posted by Domino

they took about the same time to hack -

'go to this site, click on that'

the mac guy went first.....cause he won last year

Yea it seems a bit odd that they are glorifying his hacking skill when physically the end user has to click a link to let him in.

Bit like having to invite a vampire in before he can come in your house.

"Sorry mate, not tonight"
19th March 2009, 01:59 PM
Domino

well - the clever bit was finding that vulnerability - but he is a mac security expert.

this year theres a whole host of mobile devices involved too - so I expect that'll be interesting once the results are published.

also: remind me Shaun, what phone do you have.....?
30th November 2009, 01:53 AM
HAB

keylogger binding and remote deployment for quick click user activation

Can keyloggers such as Aobo Mac OS X Keylogger and Perfect Keylogger for Mac be binded ( disguised eg. video file ) and sent/deployed remotely through email to a target Mac for activation by the user ?
30th November 2009, 06:13 AM
torledo

:p

Quote:

Originally Posted by ZeroHour

It went down fastest because it was easiest!
The other thing is most mac users dont run any security software since they think they are immune. If you were targeted by this hack you wouldnt even know it happened properly where as at least windows users have a chance of it being found via AV,windows defender, windows update malware pack.
Thats the real point of this, your mac is LESS SECURE THEN WINDOWS VISTA! run software to secure yourself as appropriate and dont just believe lord jobs.

i've read a number of interviews charlie miller has done over the last year, and i can't remember one where he goes out of his way to recommend users get an anti-virus solution for their mac.

Also, leopard and snow leopard may be technically less secure than vista/7, but that's different to how safe a user is on the relative platforms. Aren't most [all?] viruses and worms targetted for the windows OS becuase of the economics aspect. The question of why should those who write malicious code for criminal purposes double the time writing exploits for an OS with such a much smaller market share.

It seems that those who do highlight flaws such as this in OSX and it's apps want Apple themselves to take the onus to secure the operating system, rather than burden users with loads of third party 'security' apps potentially slowing the system down [ i don't think it's the presence of Windows Defender and AV engines that makes Vista the OS more secure but the changes under the hood MS have made],

Because apple are far less of a niche player then before, and with increased market share they run the risk of not being able to have an OS that makes it more difficult for exploit writers should it become more targeted.

As others have said, would a zero day problem like this have been picked up by an AV engine, surely OSX users can't do much beyond keeping the OS and Apps patched [which apple presumably recommend], and use a different browser for the mac if they are paranoid about that.
And hopefully some day Apple can secure the OS in the manner that Miller has repeatedly called for. Ironically, it's Apple who recommend users run anti-Virus on OSX , so it sounds like your on message with 'Lord Jobs'. :p