MacBook Air First To Be Compromised In Hacking Contest

Multiple readers have written to let us know that the MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000. We covered the contest last year, and the results were similar.

Re:Owning Beauty

[goombah99]

You forgot to factor in the $10,000 cash prize. And you forgot the prospect for employment. Hack a mac and you put it on your resume, hack a PC and no one cares or worse thinks your are a script kiddie.

More to the point, what you can't measure here is the real world vulnerability. I cringe at keeping my Linux machines up-to-date and protected. I rely on firewalls not themachines. With the machines, which are production machines, it's huge roll of the dice to try to apply a patch and descend into dependency hell and discover over the next week which parts of your production got broken and which need compat libs and so on. With my fleet of macs, I don't hesistate to software update (well actually, unless the vulnerability is rampant I wait a week cause even apple screws the pooch. But just a week, and then you know it's safe.)

SO in the real world macs are highly patched. MS can be and it's only a wee bit harder. (And when they fuck up (SP1) they go big, but it's mainly a function of your hardware.) Linux requires real expertise and knowledge of how your specific magic mixture of packages will be affected.

A real hero

[Fulkkari]

The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000.

In other words this guy most likely found a security bug in Safari, but instead of reporting it directly, made an exploit and waited for a hacking contest to get a monetary benefit out of it. A real hero. Or maybe he was just quick. Which seems more plausible?

Alternate headline: Mac last hacked IRL

[sootman]

My teenage son can demolish any PC in an afternoon of unsupervised surfing. My neighbor's Vista box barely runs; God knows what they've got on it. (Unlike the Ubuntu box I let them borrow for two years before they bought their new Dell 3 months ago.) The Mac mini my son uses to surf (when he's allowed) runs as well as it did two years ago and I haven't even run software updates on it. (No sense mentioning it has no antivirus software either.)

I don't care if it's spyware, adware, a virus, a tray icon, or or even just a simple browser toolbar or homepage or search-engine hijacking; or if it's installed manually or via drive-by methods--whether its due to small market share, inherent (UNIX) security, or something else, I will continue to argue that Mac and Linux are the better platforms, IN PRACTICE, for the average user.