Author Topic: Hack Contest: Lol Mac  (Read 702 times)

MrAngryFace

  • I have the most sensible car on The Bore
  • Senior Member
Hack Contest: Lol Mac
« on: April 01, 2008, 05:57:52 PM »
http://www.infoworld.com/article/08/03/27/Gone-in-2-minutes-Mac-gets-hacked-first-in-contest_1.html

Quote
He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

The MacBook was the only system to be hacked by Thursday; however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges on Friday.

Miller, a former National Security Agency employee best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple's Safari browser.

By late Thursday, Apple engineers were already working on patching the issue, said Aaron Portnoy, a TippingPoint researcher who is one of the contest's judges.

Miller's $10,000 payday may sound sweet, but it's not the most Miller has been paid for his work. In 2005, he earned $50,000 for a Linux bug he delivered to an unnamed government agency.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

Shane Macaulay, who was Dai Zovi's co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.

But it was all in vain.

"It's one thing to find a vulnerability, it's another thing to make working exploit code," said Terri Forslof, TippingPoint's Manager of Security Response.

Forslof said that a number of "high quality" researchers have said that they will attempt to hack the machines on Friday, the last day of the conference.

She expects both systems to be hacked on Friday, when contest rules will be further eased, and hackers will be able to attack popular third-party software that can be installed on the systems. "I don't think we'll have to take any home," she said.


http://www.infoworld.com/article/08/03/31/Linux-unbeaten-in-hacking-contest_1.html
Quote
Earlier this week, contest sponsors had put three laptops up for grabs to anyone who could hack into one of the systems and run their own software. A $20,000 cash prize sweetened the deal, but the payout was halved each day as contest rules were relaxed and it became easier to penetrate the computers.

On day two, Independent Security Evaluators' Charlie Miller took the Mac after hitting it with a still-undisclosed exploit that targeted the Safari Web browser. After about two minutes' work Thursday, Miller took home $10,000, courtesy of 3Com's TippingPoint division, in addition to his new laptop.

It took two days of work, but Shane Macaulay finally cracked the Vista box on Friday, with a little help from his friends.

Macaulay, who was a co-winner of last year's hacking contest, needed a few hacking tricks courtesy of VMware researcher Alexander Sotirov to make his bug work. That's because Macaulay hadn't been expecting to attack the Service Pack 1 version of Vista, which comes with additional security measures. He also got a little help from co-worker Derek Callaway.

Under contest rules, Macaulay and Miller aren't allowed to divulge specific details about their bugs until they are patched, but Macaulay said the flaw that he exploited was a cross-platform bug that took advantage of Java to circumvent Vista's security.

"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."

Macaulay said he chose to work on Vista because he had done contract work for Microsoft in the past and was more familiar with its products.

Although several attendees tried to crack the Linux box, nobody could pull it off, said Terri Forslof, a manager of security response with TippingPoint. "I was surprised that it didn't go," she said.

Some of the show's 400 attendees had found bugs in the Linux operating system, she said, but many of them didn't want to put the work into developing the exploit code that would be required to win the contest.

Earlier, Miller said that he chose to hack the Mac because he thought it would be the easiest target. Vista hacker Macaulay didn't dispute that assertion: "I think it might be," he said.
o_0

Van Cruncheon

  • live mas or die trying
  • Banned
Re: Hack Contest: Lol Mac
« Reply #1 on: April 01, 2008, 06:03:43 PM »
:bow :bow vista :bow2 :bow2
duc

Howard Alan Treesong

  • キング・メタル・ドラゴン
  • Icon
Re: Hack Contest: Lol Mac
« Reply #2 on: April 01, 2008, 06:07:07 PM »
lol, macs
乱学者

Vizzys

  • green hair connoisseur
  • Senior Member
Re: Hack Contest: Lol Mac
« Reply #3 on: April 01, 2008, 06:07:31 PM »
I read something about an adobe flash exploit related to this contest
萌え~

T-Short

  • hooker strangler
  • Senior Member
Re: Hack Contest: Lol Mac
« Reply #4 on: April 01, 2008, 06:13:23 PM »
Ah cool. Tippingpoint sponsored. We tried out one of their IPS boxes at work, pretty cool stuff (if you work in IT  :()
地平線

Tauntaun

  • I'm cute, you should be too.
  • Senior Member
Re: Hack Contest: Lol Mac
« Reply #5 on: April 01, 2008, 06:17:56 PM »
:bow :piss Apple :piss2 :bow2
               Macpwned
:)

Fragamemnon

  • Excel 2008 GOTY
  • Icon
Re: Hack Contest: Lol Mac
« Reply #6 on: April 01, 2008, 09:07:52 PM »
PWN 2 OWN is the best name for a tech conference ever.
hex