MacDailyNews - Where Mac news comes first


Apple MacBooks hold strong, remain unhacked after first day of $10,000 ‘Hack a Mac’ challenge
Friday, April 20, 2007 - 10:46 AM EDT

"Two tricked-out MacBook laptops have survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations," Ryan Naraine blogs for ZDNet.

"The contest started around midday Thursday, the second day of the CanSecWest conference here and triggered interest from hackers in attendance... Organizers say they have seen 'some activity' on the network set up with the two new MacBooks — a 17" and a 15" — but details remained scarce when the day ended," Naraine reports. "To win, the attacker must commandeer the machine and find a file with instructions on how to SSH to a server to authenticate the hijack."

Naraine reports, "On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac's built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect to over USB or Bluetooth."

Full article here.

MacDailyNews Take: If they really want to give away the MacBooks and the $10,000 prize, on the third day they ought to install Boot Camp and Windows on them. It would probably take about 10 minutes to find a winner.




Related articles:
CanSecWest sweetens ‘Hack a Mac’ contest pot to $10,000 - April 20, 2007
CanSecWest to hold ‘PWN to OWN’ contest: pits Apple MacBook Pros vs. hackers - March 26, 2007
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat - August 07, 2006
Microsoft publicity stunt asks hackers to attack Windows Vista - August 04, 2006
Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends - March 08, 2006
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge - March 07, 2006


Reader Feedback:
Apr 20, 07 - 10:59 am Comment from: Matrix3

@MDN:
That's so funny!!!
ROTFL

Apr 20, 07 - 11:00 am Comment from: Gilles

"Organizers say they have seen 'some activity' on the network set up with the two new MacBooks [...]"

It seems there is not much interest...

Apr 20, 07 - 11:02 am Comment from: Matrix3

Wow - first post without trying!
Cool

Apr 20, 07 - 11:02 am Comment from: PalmerDeville

So each day they're going to "lower the barrier" until the final story coming out of the conference is "Macbook hijacked!"

Apr 20, 07 - 11:03 am Comment from: Simple1

Great take MDN, this is why I come here

MW "lost" - As in all is lost when any form of windows is installed on a mac!! lol

Apr 20, 07 - 11:03 am Comment from: Nick Holla

hahahaha @ MDN

that's prob what they will end up doing!!!

Apr 20, 07 - 11:06 am Comment from: quito

It's just sad they have to 'lower the barriers' so they can actually hijack the MacBook (Pro, since it's a 15'' and 17''). Yeah, I can't wait for the headlines 'Macbook hijacked!!' cause everyone in the Windows world won't take the time to read how they 'lowered the barriers' to even get the job done. Friggin idiots.

Apr 20, 07 - 11:11 am Comment from: ndelc

I agree. Why are they lowering the barriers? Not very realistic, and in the end whatever non-mac-enthusiast press that picks it up will do their typical half-assed job of fact finding. Waiting for it...

Apr 20, 07 - 11:12 am Comment from: Machiavelli

The stunt is sponsored by M$. Bill Gates is pissed because everyone is laughing at him for saying Macs are compromised every day.

The rigged rules drop the Mac's defences until an attack is successful. Then Gates can say, "Neener, neener. I was right."

Apr 20, 07 - 11:18 am Comment from: M.X.N.T.4.1

Does it count if they literally hijack and physically steal the thing?

Apr 20, 07 - 11:18 am Comment from: RevNeal

How far down must the defenses go before the Mac can be hijacked?
Anyone have an idea?

Apr 20, 07 - 11:19 am Comment from: G-Spank

It seems there is not much interest...

Yeah, there's rarely interest in $10,000. If there's any lack of interest, it's because hackers already know it's futile.

Apr 20, 07 - 11:20 am Comment from: Former MG

Hell no! And they won't get hacked into!
To Hell with Bill Gates and that fat monkey boy anyway.

Apr 20, 07 - 11:20 am Comment from: john

Let's see if anyone can actually hack them without cheating. So far everyone who has put up a challenge like this has gotten a winner but only because they cheated and had physical access to the Mac.

If this is legit then there will be no winner unless they reboot into Bootcamp and Windows like MDN said.

Apr 20, 07 - 11:22 am Comment from: Investor

Naraine reports, "On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac's built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect to over USB or Bluetooth."

Ok, that just seems wrong. It was too tough, so we'll let you gain physical access to it? Baah

Apr 20, 07 - 11:24 am Comment from: @ Matrix3

@ Matrix3

Way to go man.... first post without even trying.... you be da MAN!

Apr 20, 07 - 11:25 am Comment from: loganson

Common sense would tell you not to lower the barriers. It sounds like the public schools. The students can't pass the test so you just make the tests easier. This makes dumber students and an incompetent workforce.

What will they end up doing, giving the person hands-on access complete with admin password?

Apr 20, 07 - 11:28 am Comment from: Arnoso

That is the funniest MDTake I have read in many years.

Cheers!

Apr 20, 07 - 11:37 am Comment from: LordRobin

Whee! I'm gonna do the Smug Dance now! Smug smug smuggy smug, I'm so smug! Woo-hoo! Eat it, Windows-lovers!

Every time someone tries to engineer a publicity stunt to show folks like me how "insecure" our Macs are, it always backfires and demonstrates just how ridiculously safe Mac OS X really is!

Smugness level at 9 and climbing!

Apr 20, 07 - 11:43 am Comment from: Less is More

Meanwhile, back in Redmond, the security team is burning the midnight oil....

Apr 20, 07 - 11:49 am Comment from: MacMania

Kind of hard to say you "hijacked" the MacBooks when they'll basically end up giving the "hackers" the keys to the ride.

The sponsors and whoever in the end claims they "jacked" the Mac should feel pretty stupid.

raspberry

Apr 20, 07 - 12:00 pm Comment from: Drunk Cheney

Where is the VISTA $10,000 hack challenge?

Apr 20, 07 - 12:00 pm Comment from: One Guy

On the fourth day the barrier will not only be lowered, but removed, and hackers will be allowed to install Windows Vista on the MacBook.

Apr 20, 07 - 12:08 pm Comment from: montex

I wonder if by "lower the barrier" they mean give out the administrator password. This contest would have been a lot more interesting if they had a Vista PC along with the Macs for hacking.

However, If I were to put myself in the hacker's shoes, I might find that this "contest" only proves that Macs are so much harder to get into and are far more secure. Having this demonstrated by an unsuccessful live hacking, why would I continue to use a PC? I wonder how many hackers will leave this conference convinced that Macs are inferior to PCs and how many will be visiting an Apple store soon.

Apr 20, 07 - 12:22 pm Comment from: loganson

To make things more interesting, they should have put a pc with XP and a pc with Vista in the contest.

Then we would have seen the huge contrast.

Apr 20, 07 - 12:24 pm Comment from: denuj

Yeah, it's pretty lame to lower the barrier. It's like leaving your front door unlocked or open, depending on how they lower the barrier, and then asking if the house can be burglarized. Hehehe.

Windows users will only want to hear a hijacked Mac, IF IT HAPPENS, and not how it was hijacked.

@MDN, can somebody please fix the link? Thanks.

Apr 20, 07 - 12:33 pm Comment from: Qka

Another article on this, with some different facts:

http://www.securityfocus.com/news/11460

So M.X.N.T.4.1, someone is actually sitting there watching the hardware, and has a third computer monitoring the other two.

Apr 20, 07 - 12:35 pm Comment from: Frank

Question for you readers in the know: Apple issued a Sec update yesterday. Assuming it is not applied to the MacBook Pros used in this contest, can hackers use the breaches the patch fixes to gain control of the machines?

Apr 20, 07 - 12:36 pm Comment from: Bill

Gee, to hear them talk, Bill Gates and George Ou should have strolled in there and taken the MacBooks by now.

Apr 20, 07 - 12:43 pm Comment from: WiseGuy

[B]Not a true contest, conditions rigged

Under normal conditions the Mac would be on the internet 24/7.

Put those two bitches online, they would be pwned in a day guarranteed.

So put that fanboism back in the can right now.

Apr 20, 07 - 12:46 pm Comment from: M. T. MacPhee

Frank:

Yesterday's Security Update was applied to the machines, and then they were put online.

Apr 20, 07 - 12:51 pm Comment from: Jim - TIV

Wiseguy is smokin' that funny weed again.

Apr 20, 07 - 01:08 pm Comment from: DLMeyer

The first phase of "lowering the barriers" is entirely realistic! The second phase, direct connect, is not. Quite a number of the exploits hitting the Windows crowd are Web-based, so there's little reason to deny them the chance to take advantage of that option. USB or Bluetooth? You are not getting that close to my workstation ... not without an escort.

Oh, and Wiseguy? What's with the bogus attempt to open BOLD text without a "close" statement? Sounds like something a troll would do.

DLMeyer - the Voice of G.L.Horton's Stage Page Pod-Cast

Apr 20, 07 - 01:39 pm Comment from: drmacnut

Hey WiseGuy, isn't this a competition only for those at the conference? So the Macs are open to only them on the network. That's the point of the whole thing.

Apr 20, 07 - 01:49 pm Comment from: Traveler

@ Wiseguy. "Put those two bitches online, they would be pwned in a day guarranteed [sp]." I don't know how you would get the idea that these macs are not connected to the internet. Let me spell it out for you, these Macbooks are connected to the internet, Hackers are connecting remotely from their computers and trying to hack it to gain access to files on it. How would the contest work if the mac were not networked? Did you think the hackers were physically sitting in front of the laptop?

About people complaining about "lowering the barriers": I think that's an excellent idea, and the conditions are fair. On the second day, the mac will visit a wiki page in Safari that hackers will be using to attempt drive-by exploits. This is fair because in the wild, a user might run into a website specifically engineered to perform an exploit. I know a couple URLs like that, that will instantly fuck up a Windows computer on Internet Explorer. It's only fair to test the mac under these conditions, since computers are often hacked through malicious websites.

On the third day, hackers will be connecting directly through USB and Bluetooth. Again, this is fair, because users might be subjected to this type of thing in the wild. I've accidentally infected a Windows computer over USB before.

This will be a tough challenge, and I for one want to know the results. I have confidence that Mac OS X under default settings will once again emerge itself impervious. If it is possible to hack into Mac OS X, I want to know the truth. I don't want to be coddled like some half-retarded fanboy. If someone can hack into one of these Macbooks, I can handle the news, and have great interest in knowing the truth of the matter.

Apr 20, 07 - 02:31 pm Comment from: theloniousMac

CHEAT PEOPLE!!!!

CHEAT!!!!

THAT'S THE FOUNDATION OF HACKING!!! DON'T JUST TRY TO HACK THE COMPUTER!!! HACK THE CONTEST!!!

Jeeze. Do I have to do everything?

Apr 20, 07 - 03:17 pm Comment from: =[corrected]

@ Drunk Cheney
Where is the VISTA $10,000 hack challenge?

At $20 right now. (See my last post.)

@ theloniousMac
CHEAT PEOPLE!!!!

CHEAT!!!!

THAT'S THE FOUNDATION OF HACKING!!! DON'T JUST TRY TO HACK THE COMPUTER!!! HACK THE CONTEST!!!


Yeah, that's right! Go right to the contest location and manually use the machine. If the MacBook won't let you, then you know what they say…

IF YOU CAN'T HACK IT, WHACK IT!!!!

Thank you for your lack of support, and remember that the "Hack a PC" contest reward has just dropped from a $20 bill to a $18.96 bill.

Apr 20, 07 - 03:31 pm Comment from: Well well well

Today is the last day of the contest.

Seems those $10k were as safe as if in a bank.

Apr 20, 07 - 03:43 pm Comment from: BuriedCaesar

I'm certainly not going to be "lowering any barriers" to make it easier for a hacker/cracker to get into my machine, and I'm surrounded by PCs at work, so why should they? Realistic or not, doing that seems to me to be changing the terms of the contest in mid-stream. Lessens the impact of success, and will surely be fodder for FUD in the mainstream press if someone manages to do something with the "lesser" barrier, let alone the absolutely crazy notion of giving physical access.

My take is that if nobody could PWN the machines under the original parameters, then no one gets to OWN - and the $10k does not change hands.

Apr 20, 07 - 03:48 pm Comment from: ken1w

> How far down must the defenses go before the Mac can be hijacked?

Not until someone sticks a Post-It note on the edge of the display with the user name and password (an all too common practice).

Apr 20, 07 - 03:57 pm Comment from: Not Today

Bill Gates says Macs are hacked everyday.

Not yesterday!

Apr 20, 07 - 04:11 pm Comment from: ../.

BuriedCaesar: "I'm certainly not going to be "lowering any barriers" to make it easier for a hacker/cracker to get into my machine, and I'm surrounded by PCs at work, so why should they? Realistic or not, doing that seems to me to be changing the terms of the contest in mid-stream. Lessens the impact of success, and will surely be fodder for FUD in the mainstream press if someone manages to do something with the "lesser" barrier, let alone the absolutely crazy notion of giving physical access."

I think lowering the barrier is a good idea of a measure at how hard it is to hack into something. If you stick only with the original condition, all you know is no one hacked into it at that condition and did not investigate other vectors of attack based on easier conditions which are just as realistic (i.e. if you browse a suspicious website or if someone has a physical access to your computer). It is one way of finding that lowest level of the barrier and try to raise it from that level. This is a security conference and not a PR job. They probably couldn't care less about what journalists think.

Apr 20, 07 - 04:20 pm Comment from: BuriedCaesar

@../.

Good point, and I agree with you in principle about those parameters in that respect, but we can also be absolutely sure there are some "journalists" out there who are lurking around, hoping beyond hope that something DOES happen, and they're going to get their hands on this news one way or another, especially if there IS a successful crack, and they certainly won't care at what "level" that occurred, and they certainly won't attempt to explain it to the masses in any way that makes sense.

If there's no successful "attack", then it becomes non-news. A non-event. And sadly, it will be much, much less likely to get reported, because those same media sharks won't smell any blood.

Apr 20, 07 - 04:48 pm Comment from: WiseGuy

Hey WiseGuy, isn't this a competition only for those at the conference? So the Macs are open to only them on the (local) network. That's the point of the whole thing.

Well that's why I said it's rigged.

Put those bitches on the internet instead and they would be pwned.

It's not a matter of lowering the conditions, but making the challenge more realistic to actual conditions that all our Macs face.

Apr 20, 07 - 05:53 pm Comment from: Big Al

Let's hope the Admin password is not steve or jobs or apple or something equally as obvious.

Physical access is physical access. Every previous proof of concept exploit used physical access.

Of course, every previous exploiter, with their proof of concept exploit, also had the admin password. Anyone can hack their own computer.

Apr 20, 07 - 06:39 pm Comment from: Say again?

There is no Airport Extreme wireless card in either machine, that's why no one has hacked 'em. Fooled ya!

Apr 20, 07 - 07:25 pm Comment from: t0mb0

One Macbook Pro down. An exploitable safari flaw, triggered by a malicious webpage.

Apr 20, 07 - 07:30 pm Comment from: jay

I love Apple, I use Apple. But I've NEVER understood the total smugness on the part of the fanboys - review all of the early comments, particularly MDN's. Apple is safer by far than Doze, but I hope this is a wakeup. A serious in the wild compromise WILL happen, it's just a matter of time.

Apr 20, 07 - 07:47 pm Comment from: Traveler

@t0mb0, do you have a link about this? I can't find coverage to confirm or deny that.

Apr 20, 07 - 07:50 pm Comment from: jay

Link below:

http://www.macworld.com/news/2007/04/20/hacker/index.php

Apr 20, 07 - 08:09 pm Comment from: Gilles

I'm sceptical. How come this wasn't done before? And if it's real, maybe security through obscurity was true, after all.
