MacBook Air First To Be Compromised In Hacking Contest

Multiple readers have written to let us know that the MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails. The TippingPoint blog reveals that the vulnerability was located within Safari, but they won't release specific details until Apple has had a chance to correct the problem. The winner, Charlie Miller, gets to keep the laptop and $10,000. We covered the contest last year, and the results were similar.

Hack a Mac, Get More Publicity

[vertigoCiel]

I don't think that the OS X laptop was necessarily cracked because there are more (or easier to exploit) vulnerabilities for OS X than for Vista or Ubuntu. It's more impressive to crack an OS X machine than a Vista machine, because OS X has a reputation for being virus and malware free, so the security researcher receives more acclaim.

And in other news.....

[edwardpickman]

All Apple products cause herpes.

Sorry it's worth the troll mod. Come on guys the Mac/Apple bashing articles are really getting silly. You might as well add it to the Slashdot logo, "We Love Microsoft and Hate All Things Apple." Honestly look at the numbers of articles pro and against each product line. Then check the postings. Say something pro Mac and you'll get shot down. Say something pointing out issues with PCs and you'll get Trolled. Yes go ahead and troll me but you're just killing the messenger and looking petty doing it.

Air?

[Heembo]

Can the winner turn in that crappy MacBook air for a real laptop like a Dell XPS M1730?

Low? What's Low?

[reiisi]

Low integrity?

Either Microsoft is playing with the English language again, or I really don't like the security model they've slapped together here.

Uhm, that's not a separate user. Thats a separate access mode for the logged in user. User Access Controls. Not the same thing.

It's also not a single-purpose browser. Close to a parameterized browser, but still not even that. Well, maybe they can achieve the equivalent of a parameterized browser within the login user context. Maybe. (But then you wouldn't hear anything at all about the toolbars that try to "tell" you when the web site you're visiting is trusted.)

And there's part of the reason why MSIE under Vista has given us a number of admin-level vulnerabilities, in spite of this security model.

There is no way for a general purpose browser to be secure. There's a semantic conflict. Oxymoron, in more human terms.

And access controls are not a substitute for actually putting a different user out on the web.

No, the Unix model doesn't get you there, either, although it could get you a lot closer if you could sudo your browser to another user in either X-11 or Aqua. (And, of course, then we'd have Microsoft forcing us to take them to court to show why their attempt to patent sudo is egregious.)

Tell it to the ISO.

[Mactrope]

Lots of reputable companies work with the ISO but look what Microsoft has done to them. Anything that Microsoft touches is suspect.

Correct processing of facts requires a memory. If the ISO case is not good enough for you, look up what they did to ACPI. Subtle changes can corrupt just about anything.

Re:Identical articles

[catmistake]

Major OS Revisions, Apple vs. Microsoft:

March 2001___Mac OS X 10.0 (Cheetah) ----> Feb. 2000____ NT 5.0 (Windows 2000)
Sept 2001_____Mac OS X 10.1 (Puma) -------> Oct. 2001____ NT 5.1 (Windows XP)
August 2002___Mac OS X 10.2 (Jaguar) ------> March 2003__ NT 5.2 (Server 2K, XP x64)
Oct. 2003____Mac OS X 10.3 (Panther) ------> Aug. 2004____ NT 5.3?(SP2)
April 2005____Mac OS X 10.4 (Tiger) ---------> Nov. 2006____ NT 6.0 (Vista)
Oct. 2007 ____Mac OS X 10.5 (Leopard) ------> ???. 2010____ NT 7.0 (Windows 7)