Posted on 03/19/2009 6:24:11 PM PDT by Swordmaker
Charlie Miller, the security researcher who hacked a Mac in two minutes last year at CanSecWest's PWN2OWN contest, improved his time Wednesday by breaking into another Mac in under 10 seconds.
Miller, a principal analyst at Independent Security Evaluators LLC, walked off with a $5,000 cash prize and the MacBook he hacked.
"I can't talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched," said Miller Wednesday not long after he had won the prize. "It probably took 5 or 10 seconds." He confirmed that he had researched and written the exploit before he arrived at the challenge.
The PWN2OWN rules stated that the researcher could provide a URL that hosted his or her exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. "I gave them the link, they clicked on it, and that was it," said Miller. "I did a few things to show that I had full control of the Mac."
(Excerpt) Read more at pcworld.com ...
Chrome managed to get through the day though....
It's security by obscurity...
That would be true if they hadn’t even included it in the competition.
Hacks were attempted but were unsuccessful.
That’s not the way hacking works. A hacker first builds a toolset, or uses tools built by someone else. You don’t just sit down at the keyboard and begin hacking. It would be a totally false sense of security if your browser or OS was safe from hackers without tools. In the real world the threats are going to come from hackers with a large array of self-built and shared hacking tools.
It's not about the toolset, which any hacker can be assumed to have. It's about spending months using that toolset to find a vulnerability, crafting a specific exploit for that vulnerability, and keeping it all secret until the competition so you can have the cash and hardware instead of being ethical and notifying the vendor when you first discovered the vulnerability.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.