Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mac Hack Contest Redux

Posted by samzenpus on from the what-breaks-first dept.

narramissic writes "Remember the controversial Mac hacking contest from last year's CanSecWest conference? No? Here's a refresher: Conference organizers challenged attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. Winner Dino Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page. Well, the contest is back again this year, but with a twist, says Dragos Ruiu, the principal organizer of CanSecWest: 'We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.""

9 of 164 comments (clear)

  1. easy by jim.hansson · · Score: 5, Interesting

    http://slashdot.org/firehose.pl?op=view&id=508230

    --
    preview button, my computer does't have any preview button
  2. how about a taste test by gandhi_2 · · Score: 2, Interesting
    where you have to try apples, oranges, and beef jerky and decide which one tastes "best".


    out of the box linux? Is there really such a thing? Ubuntu OEM, knoppix? That's a pretty wide range here.

    --
    THL phish sticks
  3. I'd like to see stats on effort per platform by SuperBanana · · Score: 4, Interesting

    We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.

    What I'd be most interested in is a survey of contestants as to their platform experience, and how focused they intend to be on attacking the different platforms. That part could be wildly unscientific, but could be interesting if everyone answers openly.

    Couple that with some good logs of network activity, to see how focused attacks are on the various systems.

    For example, it could turn out that nobody goes for the supposed low hanging fruit, and everyone tries to target the Mac...or an OpenBSD box, if they bring one. Etc.

    --
    Please help metamoderate.
  4. Re:"fair" would be "what users need" by CannonballHead · · Score: 3, Interesting

    I think this is an excellent point.

    Default windows configuration is defaulted to... well, a very compatible set of options.

    Not having actually done a Mac install, I don't know what the default is.

    A default Linux partition, depending on the flavor, could be pretty minimal...

    Here's what I think would make it more fair: make all the operating systems able to do the same things. Presumably, the normal Mac user, at some point, will want to opens a windows media file and an Office 2007 file. The typical Windows user will use quicktime at some point, and thus have it installed and have its possible security holes, too.

    Otherwise, I could create a Linux distro that is THE safest operating system EVER... and just not let you do anything, no network connectivity, etc. Pretty safe! And useless.

  5. OSX, Linux, Vista by Anonymous Coward · · Score: 2, Interesting

    If I were to enter such a contest I would target OSX first, then Linux and Finally vista.

    OSX is first because apple has been hideing behind security by obscurity for too long. I have seen no evidence that suggests OSX gets it any more than Microsoft did.

    Linux next because source code is avaliable... and while clever hits without source are sometimes easier you just might get lucky walking the ususal paths and find something exploitable.

    MS has been more or less awake from the security perspective for years now and most of the expliot efforts have been targeted at this platform which raises the bar for discovery of new expliots because all the trivial vectors have already been probed. Following the same line windows expliots are simply worth more than OSX or Linux expliots. Good ones can be worth a room full of PCs if you can find the right buyer.

    Applications such as browsers, media players, and various popular plugins ... acrobat, flash...etc provide great cross platform opportunity for successful attacks. It might actually be worth ones time to try for a common expliot and win all three :)

    Besides a PC is a PC... you can always reformat the drive and install Solaris if you want :)

  6. Re:What about Quicktime? by QuantumG · · Score: 2, Interesting

    Quicktime comes with Firefox these days .. I've lost count of the number of times I've seen Quicktime crash Firefox.. every time I think "I bet that is exploitable", but, ya know, I'm too lazy to bother looking.

    --
    How we know is more important than what we know.
  7. Re:Vista would be first by tsotha · · Score: 2, Interesting

    Oh, I'm sure Linux boxes are subject to attacks as well. I just think, as a nefarious writer of cracking software, you'd have to believe your time is better spent cracking Windows than Linux. And I don't believe servers are the most profitable boxes to hack anymore - keyloggers to swindle online banking users are probably the big moneymakers.

  8. Re:too easy by HiThere · · Score: 2, Interesting

    Actually, Vista may be the last standing. I'm not saying it's the most secure, but it's the most unknown. And if you were a Black Hat who had developed a route into Vista, I'm sure there are more profitable ways of exploiting your ingenuity.

    --

    I think we've pushed this "anyone can grow up to be president" thing too far.
  9. Re:TFA doesn't say by Shados · · Score: 4, Interesting

    Try this for giggles. Have a Vista machine. Send them an email with an exe file. Try and get them to execute it. Good luck. If you manage that, try the same exercise by MSN Messenger. At that point, even I am not sure I can do it without googling, and even then its tricky. Vista is a b**** when it comes to running EXEs received by email or MSN.