digg

Facebook Connect Join Digg About

Hacking contest highlights value of vulnerabilities :-)

securityfocus.com Security professionals that take part in an annual hacking contest will have more reasons to part with their latest vulnerabilities: Up to 20,000 more reasons.On Monday, security firm Tipping Point agreed to offer up to $20,000 as a prize to the first person to compromise each of three laptops running popular operating systems...

Who dugg this? Made popular Mar 28, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

87 Comments

show profanity settings
expand all
  • senatorkevin, on 03/28/2008, -1/+72Mac got owned first

    Source: http://www.news.com/8301-13579_3-9905095-37.html
  • frooo, on 03/28/2008, -6/+29Ok cool, so theres going to be this thing with hackers....

    ... when do we get to see Angelina Jolie's boobies again?
  • mjhayter, on 03/28/2008, -4/+25You mean apples marketing campaign has been full of ***** all along? Who would have thought..
  • terminalcode, on 07/31/2008, -0/+21Update: Mac gets pwned 1st this year, http://security.itworld.com/5013/mac-hacked-first- ...
    Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

    He was the first contestant to attempt an attack on any of the systems.

    Miller was quickly given a nondisclosure agreement to sign and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.
  • DiggLive, on 03/28/2008, -11/+32Man do I ***** LOVE THIS. Let's see all the Mac fanboys come up with some excuse.

    "But, but, he's attacking the Mac! That's not allowed!"
    "You're perfectly fine with them attacking Windows..."
    "Shut up, Micro$oft fanboy!"
  • Makaveli604, on 03/28/2008, -0/+20LOL wrong
  • tuh2, on 03/28/2008, -14/+29Guess to all those people who are always posting "Get a Mac"
    You fail at life
  • Terr01, on 03/29/2008, -1/+15"This wasnt a "Mac hack" as it was doable on any platform."

    Oh, I see, because the problem was with Safari.

    So whenever there's a bug on the default included browser, it's not a flaw with the OS?

    Pity, I don't recall that consistent logic being used before with Windows.
  • inactive, on 03/28/2008, -7/+20Mac, Windows and Linux....any bets on who will be compromised first?
  • inactive, on 03/28/2008, -4/+16She dont tell them the truth. They only have their delusions to keep them going!
  • inactive, on 03/28/2008, -3/+14Direct comparisons to exploits found show that OSX has had more security holes then XP and Vista combined.
    Every single time there is a hacking contest with actual money to be won, OSX has always been hacked and/or the first to go ( and this is won with exploits that are "new" and not ones that are "already know" < - part of the contest rules.

    Like getting access to control the computer yes.
  • inactive, on 08/11/2008, -1/+10Sorry, nobody in the computer science world uses a Mac.
  • cyssero, on 04/18/2009, -0/+8Don't worry, one day you will get out of debt and wish you didn't spend that much money on yearly upgrades and over-priced hardware.
  • inactive, on 03/28/2008, -7/+15"Within two minutes of the start, he directed the contest organizers to a certain website that executed his exploit." Mac hack.
    HA,,, haha,,, ahahahahhahahahaa !!

    Again everyone knows (everyone that isnt a Mactard) that Macs have MORE exploits, slower to fix them, and many times dont fix them at all. The only reason they dont suffer from viruses is they are not the main target of the market share, and since they are not, cannot spread a virus as fast.
  • DiggLive, on 03/28/2008, -8/+15http://www.securityfocus.com/brief/711

    Looks like O$X isn't so safe after all.
  • Kaitsu, on 03/29/2008, -2/+9Epic win!
  • DiggLive, on 03/28/2008, -7/+14http://www.securityfocus.com/brief/711

    O$X got pwned.
  • inactive, on 08/11/2008, -3/+9Awesome, Mac is the "winner" at this contest for 2 consecutive years. Suck it, Apple *****!
  • noumuon, on 03/29/2008, -0/+5it's funny that even after nobody could touch ubuntu or vista...
  • DealCracker, on 03/28/2008, -11/+15Oh dear . . Apple goes down first . . but but but . . Steve said . . I mean he said . . on the stage at Macworld . . there must be a mistake . . WAIT I know what it was. . it was was freaken Vista running under Bootcamp! Yeah that's what it was! Whew anybody got a smoke?
  • FizzanoMatrix, on 03/28/2008, -1/+5Throw a Gibson into the mix. Game over.
  • inactive, on 03/28/2008, -4/+8Oh really? so why was MAC the first to go and where are the Vista and Linux hacks? HMM??? Mactard !
    Now who is ignorant?
  • redfox2600, on 03/29/2008, -0/+4Although it might make a nice paper weight, as for a door stop it way to thin.
  • terminalcode, on 07/31/2008, -0/+3oh, I just wanted to let everyone know also, that either this weekend March 28-30 or the first weekend in April we might be doing a SploitCast Conference call with all the geeks out there, and this may be a topic that we will discuss. As soon as something definite is set up the forums will be updated with that information.
    Cheers... ^_^
  • redfox2600, on 03/29/2008, -0/+3He's on digg, your on digg, I'm on digg. We all need lives.
  • darkphan, on 03/29/2008, -0/+3Miller is the same one to exploit Safari on the iPhone, but it was not the same exploit used in this case.
  • ho0ber, on 03/28/2008, -2/+5For viruses and malware in general (that which plagues most of the people I recommend Macs to), Macs will put you a few steps up from windows. But as far as security holes go, they're in every operating system, especially those which are in the market share minority and therefore have fewer people actively seeking out security holes.

    But yes, "lol."
  • OmegaNine, on 03/29/2008, -0/+3I miss when digg was full of these kinds of stories :(
  • inactive, on 08/11/2008, -0/+3OMG I DON'T USE A MAC I MUST BE P00R LOLOLOLOLOL!!! That's what you sound like.
  • Tenoq, on 03/29/2008, -3/+5Actually it was longer still - he'd been working on the code for that exploit for 3 weeks prior to the event. He picked the Mac because it was a sure thing: he had the code already.
  • Cherubim, on 03/29/2008, -1/+3Mac OS X would still lose.
  • melat0nin, on 03/29/2008, -0/+2When I have a good income the last thing I'll be buying is a Mac.
  • terminalcode, on 07/31/2008, -1/+3I don't know if we are gonna see Angelina, there but definitely something going on in the hacking scene.... altho, if a Angelina look alike shows up the more the merrier... ;-0
  • inactive, on 08/11/2008, -0/+1>I can only assume that blind unjustified hatred for an inanimate product must stem from jealousy.
    Right, there's NO POSSIBLE WAY that me, as a programming, IT, and hardware enthusiast, could POSSIBLY hate a computer for *any other reason* than jealousy.

    >Take a moment and realize that what I wrote was simply a jabbing remark aimed at someone who takes a story about a mac security vulnerability and defines his life by the failing of something he doesn't even own
    I "define my life" by my hatred for Macs? That doesn't even make sense.

    >You people on here are just as big of fanboys as the mac ones
    Yeah, I guess I'm a fanboy to every operating system EXCEPT a Mac

    >@10gunsalute, learn to not take everything so literally, occasionally people use sarcasm and hyperbole on this site, it's done to be funny or make a point.
    Yeah, I realize you were trying to be funny; note the -7 Diggs, no one's laughing
  • melat0nin, on 03/31/2008, -0/+1@DanMiller

    "occasionally people use sarcasm and hyperbole on this site, it's done to be funny or make a point"

    Unfortunately you managed neither particularly successfully.
  • terminalcode, on 07/31/2008, -2/+3Oh, Since last yeah Dino Dai Zovi was great at the 07 challenge..
    I thought I would put in a podcast that was done with him,
    http://media.libsyn.com/media/sploitcast/sploitcas ...
    The newest member of the crew Matt Hillman from SploitCast interviews Dino Dai Zovi, discussing the fascinating topic of VM rootkits, OS X security, how to trick wifi clients, disclosure issues, and Microsoft security.
  • jakem1, on 03/29/2008, -0/+1All the teams had code preprepared to try out. For instance one team was trying a new hack on a known vista vulnerability but still failed to get through. At one point a hacker even raced home to pick up some files he'd forgotten to bring with him - when he finally got back to the contest he still couldn't get into Vista.

    Nobody expected the teams to write their code during the contest. That's like arguing that an F1 team would turn up at the Grand Prix and start building a car when the race starts.
  • grumpyrain, on 03/29/2008, -0/+1Fair enough argument. Still, even if my favorite laptop was won by someone else, I would still go for one of the others. Why did Vista and Ubuntu both last the rest of the day without a successful attack?
  • jakem1, on 03/29/2008, -0/+1@Tenoq, Miller was the first to try hacking the Mac. However, there were other teams working on the Vista and Linux boxes at the same time. Of course, it's possible that the other teams hadn't even had a chance to sit down before the Mac was hacked considering how quickly Miller got in.

    Perhaps you should do a bit of research before telling other people they're ignorant.
  • jakem1, on 03/29/2008, -0/+1@DanMiller, the other thing you are ignoring is that none of the OSs was hacked without user interaction so in this respect the Mac is no better or worse than Vista or Linux. The point is that the Mac was hacked in 2 minutes once the user was directed to an exploit while this sort of attack failed with Vista and Linux. It is generally recognised that computers are most vulnerable to this type of attack in 2008 so it's pretty damned poor that Safari failed so badly and in so little time.
  • redfox2600, on 03/29/2008, -0/+1I think I understand what you might be saying. That with Apple you don't have to worry about Anti viruses and firewalls. But that like saying you chose to have sex with only white chicks because they have a lower probability of STDs. We're in the information age now and unfortunately everyone has AIDS so you're going to have to use a condom sooner or later. Just sleeping with one OS/ethnicity won't keep you safe anymore.

    Also if you read the article the way OSX fell was because the end user was "tricked" into clicking on a site that had the exploit. That same tactic didn't work with either Ubuntu or Windows.

    The whole point of the second day was to see if you can "phish" your way into a machine so the end user wasn't actively allowing someone to get in they probably were just doing every day stuff. The attacker wasn't directly saying they had to do this and this he probably just spoof a webpage like youtube or something. And maybe in the interest of time said "you should check your bank account/youtube/email" or something of that sort. So unfortunately your knowledge is incorrect.

    Also from a personal stand point I know a lot of Windows user who had experienced spyware and bs like that so they are a lot more careful when doing things.
  • redfox2600, on 03/29/2008, -0/+1@DanMiller by your logic my win 95 box is secure so long as I don't use it. Also even with user interaction both Windows and Ubuntu still where standing after that.
  • 4DFX, on 03/29/2008, -0/+1Latest news: http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn ...
    Vista got pwnd.
  • inactive, on 03/28/2008, -0/+1That's IF they are using VMWARE and the user uses that computer under VM, AND that issue was already fixed.

    So lets get back to the issue rather then avoiding it with old news!
  • maexus, on 03/29/2008, -1/+2The vulnerability was with Safari and the same exploit was used to crack the iphone. If I use Firefox, oddly enough, that exploit stops working. It has nothing to do with the hardware.
  • adammharvey, on 03/29/2008, -0/+1your mother got owned, by me.
  • jakem1, on 03/29/2008, -0/+1I'm afraid you're wrong. All three computers were being hacked at the same time. It's just that Miller was the first to have a go at the Mac and hacked it instantly. At the end of the day neither the Vista nor the Linux machines were hacked. So people did bother with the other two boxes. Various teams tried to break into them but nobody was able to. It had nothing to do with people trying harder to get the "cooler" computer first. The Mac went down first because it was the least secure - pure and simple.
    Also, the 24 hour thing is irrelevant. Apparently nobody went near any of the machines on the first day because the test was considered too hard. When the next day began with a new set of rules the Mac fell within 2 minutes.
  • OmegaNine, on 03/29/2008, -0/+1....Well DiggLive, you called it.
  • missito, on 03/30/2008, -0/+0So hackers prefer Macs, what else :-)
  • Fetching more discussions...
    Show 51 - 86 of 86 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.