
April 19th, 2007

MacBooks survive day one in hacker jungle

Posted by Ryan Naraine @ 10:25 pm

Categories: Apple, Browsers, Data theft, Exploit code, Hackers, Metasploit, Patch Watch, Pen testing, Responsible disclosure, Rootkits, Vulnerability research, Zero-day attacks

Tags: Attacker, Apple MacBook, Hacker, Ryan Naraine

VANCOUVER, BC –  Two tricked-out MacBook laptops have survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.

The contest started around midday Thursday, the second day of the CanSecWest conference here, and drew interest from hackers in attendance, but it was not immediately clear how many attempts were being made to break into the machines.

Organizers say they have seen "some activity" on the network set up with the two new MacBooks — a 17" and a 15" — but details remained scarce when the day ended. According to a report, TippingPoint's Zero Day Initiative has added a $10,000 bounty for the first hacker who launches a successful attack with a new, yet-to-be-patched vulnerability.

The two laptops have been set up on a special access point and the successful hacker must gain admin level access on the 17" machine to qualify for the prize.  To win, the attacker must commandeer the machine and find a file with instructions on how to SSH to a server to authenticate the hijack.

On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac's built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect over USB or Bluetooth.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal.


