MacBook Hacked In Contest Via Zero-Day Hole in Safari
EMB Numbers writes "Shane Macaulay just won a MacBook as a prize for successfully hacking OS X at CanSecWest conference in Vancouver, BC. The hack was based on a Safari vulnerability found by Dai Zovi and written in about 9 hours. CanSecWest organizers actually had to relax the contest rules to make the hack possible, because initially nobody at the event could breach the computers under the original restrictions. 'Dai Zovi plans to apply for a $10,000 bug bounty TippingPoint announced on Thursday if a previously unknown Apple bug was used. "Shane can have the laptop, I want the money," Dai Zovi said in a telephone interview from New York. TippingPoint runs the Zero Day Initiative bug bounty program.'"
"All the M$ tools are going to be underlining their popularity arguments and slinging mud at all the more secure OS."
What "more secure OS" are you talking about?
The bounty on Vista vulnerabilities was reportedly $25,000 when it was RTM, and in five months only eight vulnerabilities have been exposed. The bounty on the OSX vulnerability was $10,000, and it took less than half a day for someone to collect it.
Wake me up when OSX (or linux or *BSD) are subjected to the same conditions as Windows and then we'll see which is the most secure OS.
The fact that people can be malware-free by using OSs like Linux, *BSD and OSX is a testament to the real value in security by obscurity.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
the BSD license,
There's a market for Vista vulnerabilities that pays far more than $25K for a zero-day exploit. You can bet that many more have been found, and are in use by zombie-net operators right now.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Nah, Windows is even worse.
I switched from XP to Linux to BSD to Mac OS in 2003. Early this year I switched back to Linux. Can't beat power and usability (Ubuntu with Gnome), especially not with crap like Finder and the Mac OS window manager.
It says a lot about you and about Slashdot that you can hop on an article about someone hacking OS X, do your "M$ Windoze" routine and then get modded up for it. Seriously though, I'm sure that once Taco figures out his MySQL problems he'll have a tasty Microsoft FUD story for you to comment on. I suggest you wait for that?
Nah. Everyone knows marketshare has nothing to do with which platforms hackers target. If anything hackers would want to crack Vista just for the notoriety. /offtopic rant: To the asshole that follows me around modding all my posts down: Keep wasting your mod points, shithead. I've got more Karma than you'll ever have mod-points.
I don't always use unix-like operating systems; but when I do, I prefer FreeBSD.
You know what's scary? I could tell you're a Mac user from the "oh-so-indie" spelling of "ur."
Make Slashdot readable! See journal.
Can you easily run Safari as admin on OSX? Why would this be possible? If it is, that's a security vulnerability in itself.
It should never be easy for the user to do something completely stupid, otherwise they will!
You are about to send your credit card information over an unencrypted channel. Cancel or allow?
"Knowledge is the only instrument of production that is not subject to diminishing returns" -Journal of Political Econom
Indeed, this exploit is of absolutely no concern to anyone who doesn't use the internet, and anyone stating otherwise is a "FUDmeister."
Is "Apple-haters" the new "lib'ruls"? IOW, people with legitimate concerns who get dismissed as traitors by people who were never real Mac users to begin with?
Why do you hate Apple? Stop emboldening the enemy.
Make Slashdot readable! See journal.