MacBook Air hacked!!

March 30, 2008

MacBook Air

A team of security researchers has won $10,000 for hacking a MacBook Air in two minutes using an undisclosed Safari vulnerability.

IDG News Service is camped out at CanSecWest in lovely Vancouver, Canada, and has chronicled the exploits  of Charlie Miller, Jake Honoroff, and Mark Daniel of Independent Security Evaluators during the Pwn to Own contest sponsored by TippingPoint. The contest includes three laptops, running the most up to date and patched installations of MacOS X Leopard, Windows Vista, and Ubuntu Linux:

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

The main purpose of this contest is to responsibly unearth new vulnerabilities within these systems so that the affected vendor(s) can address them.The team was able to gain control of a MacBook Air on the second day of the hacking competition, which pitted the Air against Windows Vista and Ubuntu machines.

No one was able to execute code on any of the systems on Wednesday, the first day of the contest, when hacks were limited to over-the-network techniques on the operating systems themselves. But on the second day, the rules changed to allow attacks delivered by tricking someone to visit a maliciously crafted Web site, or open an e-mail. Hackers were also allowed to target “default installed client-side applications,” such as browsers.

The team had attack code already set up on a Web site, and was able to gain access to the MacBook Air and retrieve a file after judges were “tricked” into visiting the site. According to the TippingPoint DVLabs blog, a newly discovered vulnerability in Safari was used to gain control of the Air.

The contest rules stipulated that winners immediately sign a nondisclosure agreement relating to their technique, so that the vulnerability could be disclosed to the vendor, and TippingPoint said Apple has been informed of the vulnerability.

Last year’s contest was won by exploiting a QuickTime vulnerability, which was patched by Apple in less than two weeks. As of the time I posted this, no one had gained control of the Vista or Ubuntu machines, but I’ll update later as the results come in over the rest of the afternoon.

Advertisements

After reading through all the blogs this week, I was somewhat in a dilemma on what to respond to, There was very little in what interested me and the biggest news this week was Apple’s announcement of their new MacBook Air. But I think enough people have commented on this new innovation and although it seems like a great thing for Apple it appears that a lot of users will be dissappointed because of the lack of a ethernet port and no DVD drive in it. However, Seth’s blog on the shortage of digital coaches did somewhat catch my eye or at least 1 comment. He said, “Here are three things that are true:
1. Digital technology, especially computers and cell phones, can dramatically increase productivity.” Although this may be true, IMHO the use of computers and cell phones also can decrease productivity. Despite all these advances in technology and how fast we are able to achieve the results, we are still not able to process this information any faster or what to do it with all of this information. David Allen in his book Getting Things Done: The Art of Stress-Free Productivity says that”says CIOs should focus more on individual accountability and personal behavior, and less on technology.” I think that even though we have the ability to access information so quickly and almost everywhere, we still need to learn to unscramble all of this information and be able to make good decisions. Its still human nature for individuals at work to abuse the computer for their own personal use (Cyberslacking). This type of behaviour is costing businesses in the U.S. about $85 billion a year according to Websense Inc. in 2002. How much is this costing businesses today? Is this really more productive?

Tony Elliott

Macbook Air?

January 16, 2008

I don’t have a lot of time at the moment so I’m just going to do a little post because I’m intrigued. Doesn’t really have a lot to do with the course either because it’s more about a physical product, aka. its a laptop. A disgustingly thin laptop. For those of you that don’t see the difference, here’s a tip, the laptop is sitting on top of their old Macbook pro. Just scroll through the pictures. It’s like a piece of paper folded in half.

Anyway sorry if this wasted your time, but I was just really surprised at how thin it is. You know it has to be good when an ex-Microsoft employee (Scoble) is excited about it.
P.S. Hopefully my link words 🙂

Cheers.

David McKenna