Mac Hacked In Contest... Sort Of | News

Mac Hacked In Contest… Sort Of

April 22nd, 2007 at 3:00 PM - News by Jeff Gamet

The CanSecWest 2007 security conference hosted a "Hack a Mac" contest where contestants worked to gain unauthorized access to a Mac OS X system. Yes, there was a winner, but not until the contest rules were relaxed to the point that someone actually could win.

Shane Macaulay and Dino Dai Zovi won a US$10,000 prize and the compromised Mac for their efforts which included discovering a bug in Safari that allowed them to use a maliciously crafted URL to gain user level access to the computer. The vulnerability is known as a "zero day exploit," meaning an exploit is released the same day it is announced, that there is little or no protection for.

In this case, the security flaw requires a local user attempting to open the malicious URL with Safari before unauthorized user level access can be obtained. Apple has been alerted to the security flaw, and the exploit has not been released to the public.

The original rules required the attackers to gain root level access to a Mac running Mac OS X 10.4.9 with the latest security updates from a different point on the same network. Contestants were not able to gain root access to a second Mac during the two-day conference even after the rules were modified to allow for local attacks using Safari.

Although the prospect of a potential Safari exploit that allows unauthorized access to a Mac is a serious concern, it also underscores the importance of user vigilance. Clicking a Web site link thatis in am email message from someone you donit know, for example, is a really bad idea. The URL may be legit, or it could take you to a Web site that you would rather not see, or it could be constructed to allow someone else to gain control of your Mac.

Unfortunately, many news outlets are taking advantage of this potential exploit to run sensationalized headlines and to incorrectly state that the Mac used in the contest was remotely hacked. It appears that zero day exploits and remote hacks for Windows PCs are par for the course, but a potential Mac exploit - now thatis news.

Commenting is not available in this section entry.

Recent Headlines - Updated November 10th

Tue, 9:34 AM: Product News - MiniMail 2 Adds Snow Leopard Support
8:58 AM: News - AT&T: iPhone Tethering Really is Coming… Eventually
8:16 AM: News - Apple Releases Security Update 2009-006 for Leopard, Snow Leopard
Mon, 7:20 PM: Rumor - Apple May Update iPod touch in December
6:45 PM: Product News - MacUpdate Desktop Updated to 5.0.1 with New Features, Bug Fixes
5:16 PM: Apple Releases Mac OS X 10.6.2 - Guest Account Bug Fixed, Much More
4:12 PM: Games - New For iPhone: Star Rangers, Air Force Supremacy, Blood Beach, More
2:51 PM: Apple Stock Watch - Radio Shack Jumps 14% on iPhone Deal, Apple Up 3%
2:25 PM: Games - EA Scoops Up Social Games Publisher Playfish
1:51 PM: Deal Brothers - Western Digital 1TB SATA Intellipower Hard Drive: $84.99
10:58 AM: News - StarHub Signs Singapore iPhone Deal
10:36 AM: Hot Forum Topic - Reader Speculation: What’s in Apple’s Tablet?

The Mac Observer Reader Specials

TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
OWC: Plug & Play Hardware RAID up to 8.0TB. High Performance, Data Redundant Solutions. FireWire 800, FireWire 400, USB2, or eSATA. Hot Swappable Bays, Data Rates over 200MB/s. Click here
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.

Apple Stock Quote

AAPL: $203.07. Change: +1.61.
(Prices delayed up to 20 minutes.)
Discuss in our Apple Finance Board

Hot Topics

What's the buzz? These articles have TMO readers talking.

Psystar to Court: Just Say We’re Legit - 27 Comments
Apple Magic Mouse is no Magic Bullet - 18 Comments
AT&T Sues Verizon Alleging Misleading “There’s A Map For That” Ads - 18 Comments
CNET Dubs iPhone the Worst Phone in the World - 17 Comments
Fortune CEO of the Decade: Steve Jobs - 14 Comments
Apple May Update iPod touch in December - 11 Comments

TMO Express

Join the TMO Express Daily Newsletter to get the latest Mac headlines in your e-mail every weekday. Find out more!

Top Deals From DealBrothers.com

Recent Features

Get the latest installments of TMO Columns, Podcasts, & Blogs.

© The Mac Observer, Inc. -- All rights reserved. All information presented on this site is copyrighted by The Mac Observer, Inc. except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another frame. The Mac Observer is an independent publication and has not been authorized, sponsored, or otherwise approved by Apple, Inc.