“Two tricked-out MacBook laptops have survived the first day of a ‘PWN to OWN’ contest that dared hackers to take control of default Mac OS X installations,” Ryan Naraine blogs for ZDNet.
“The contest started around midday Thursday, the second day of the CanSecWest conference here and triggered interest from hackers in attendance… Organizers say they have seen ‘some activity’ on the network set up with the two new MacBooks — a 17″ and a 15″ — but details remained scarce when the day ended,” Naraine reports. “To win, the attacker must commandeer the machine and find a file with instructions on how to SSH to a server to authenticate the hijack.”
Naraine reports, “On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac’s built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect to over USB or Bluetooth.”
Full article here.
If they really want to give away the MacBooks and the $10,00 prize, on the third day they ought to install Boot Camp and Windows on them. It would probably take about 10 minutes to find a winner.
Related articles:
CanSecWest sweetens ‘Hack a Mac’ contest pot to $10,000 – April 20, 2007
CanSecWest to hold ‘PWN to OWN’ contest: pits Apple MacBook Pros vs. hackers – March 26, 2007
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Microsoft publicity stunt asks hackers to attack Windows Vista – August 04, 2006
Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends – March 08, 2006
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge – March 07, 2006
@MDN:
That’s so funny!!!
ROTFL
“Organizers say they have seen ‘some activity’ on the network set up with the two new MacBooks […]”
It seems there is not much interest…
Wow – first post without trying!
Cool
So each day they’re going to “lower the barrier” until the final story coming out of the conference is “Macbook hijacked!”
Great take MDN, this is why i come here
MW “lost” – As in all is lost when any form of windows is installed on a mac!! lol
hahahaha @ MDN
that’s prob what they will end up doing!!!
its just sad they have to ‘lower the barriers’ so they can actually hijack the macbook (pro, since its a 15” and 17”). Yea i can’t wait for the headlines ‘Macbook hijacked!!’ cause everyone in the windows world won’t take the time to read how they ‘lowered the barriers’ to even get the job done. Friggin idiots.
I agree. Why are they lowering the barriers? Not very realistic, and in the end whatever non-mac-enthusiast press that picks it up will do their typical half-assed job of fact finding. Waiting for it…
The stunt is sponsored by M$. Bill Gates is pissed because everyone is laughing at him for saying Macs are compromised every day.
The rigged rules drop the Mac’s defences until an attack is successful. Then Gates can say, “Neener, neener. I was right.”
Does it count if they literally hijack and physically steal the thing?
How far down must the defenses go before the Mac can be hijacked?
Anyone have an idea?
It seems there is not much interest…
Yeah, there’s rarely interest in $10,000. If there’s any lack of interest, it’s because hackers already know it’s futile.
Hell no! And they won’t get hacked into!
To Hell with Bill Gates and that fat monkey boy anyway.
Let’s see if anyone can actually hack them without cheating. So far everyone who has put up a challenge like this has gotten a winner but only because they cheated and had physical access to the Mac.
If this is legit than there will be no winner unless they reboot into Bootcamp and Windows like MDN said.
Naraine reports, “On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac’s built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect to over USB or Bluetooth.”
Ok, that just seems wrong. It was too tough, so we’ll let you gain physical access to it? Baah
@ Matrix3
Way to go man…. first post without even trying…. you be da MAN!
Common sense would tell you not to lower the barriers. It sounds like the public schools. The students can’t pass the test so you just make the tests easier. This makes dumber students and an incompetent workforce.
What will they end up doing, giving the person hands-on access complete with admin password?
That is the funniest MDTake i have read in many years.
Cheers!
Whee! I’m gonna do the Smug Dance now! Smug smug smuggy smug, I’m so smug! Woo-hoo! Eat it, Windows-lovers!
Every time someone tries to engineer a publicity stunt to show folks like me how “insecure” our Macs are, it always backfires and demonstrates just how ridiculously safe Mac OS X really is!
Smugness level at 9 and climbing!
Meanwhile, back in Redmond, the security team is burning the midnight oil….
Kind of hard to say you “hijacked” the MacBooks when they’ll basically end up giving the “hackers” the keys to the ride.
The sponsors and whoever in the end claims they “jacked” the Mac should feel pretty stupid.
Where is the VISTA $10,000 hack challenge?
At the fourth day tbarrier will not only lowered, but removed and hackers will be allowed to install Windows Vista on the Macbook.
I wonder if by “lower the barrier” they mean give out the administrator password. This contest would have been a lot more interesting if they had a Vista PC along with the Macs for hacking.
However, If I were to put myself in the hacker’s shoes, I might find that this “contest” only proves that Macs are so much harder to get into and are far more secure. Having this demonstrated by an unsuccessful live hacking, why would I continue to use a PC? I wonder how many hackers will leave this conference convinced that Macs are inferior to PCs and how many will be visiting an Apple store soon.
To make things more interesting, they should have put a pc with XP and a pc with Vista in the contest.
Then we would have seen the huge contrast.