
“The prize in the hack-a-Mac contest at the CanSecWest conference here just got bigger,” Joris Evers blogs for CNET.
Evers reports, “TippingPoint, which runs the Zero Day Initiative bug bounty program, is offering to pay $10,000 to the hacker who commandeers one of two MacBooks. The target computers are connected to a wireless access point and fully patched, including the update for 25 vulnerabilities that Apple released on Thursday.”
“CanSecWest organizers have set up the MacBooks with all security updates, but without additional security software or settings. Attendees are able to connect to the machines via the access point through Ethernet or Wi-Fi,” Evers reports.
Full article here.
The CanSecWest home page states, “Gentlemen_Start_Your_PWNing: The 2.3Ghz 15″ Macbook Pro is on 192.168.0.42 and can be yours if you follow the instructions in the home of the default user, and the 2.3Ghz 17″ Macbook pro is on 192.168.0.43 and can be yours if you follow the instructions in the filesystem root (this one will need admin compromise).”
The eighth annual CanSecWest conference is being held April 18-20 at the Marriott Renaissance Harbourside hotel in downtown Vancouver, British Columbia.
Link: http://cansecwest.com/post/2007-04-19-12:30:00.Gentlemen_Start_Your_PWNing
[Thanks to MacDailyNews Reader “Shinobi” for the heads up.]
{crickets chirping}
*Yawn*
Anything yet?
What’s wrong MDN? No smug comments for once?
Sounds like a perfect application of the Kobayashi Maru. I mean, that is the essence of hacking now isn’t it?
no wonder, the site is being sponsored by microsoft
What…? No fake “third party wireless card” this time? Good luck hackers…! You get a free MacBook and $10,000. If this doesn’t produce any successful (and legitimate) hacks, nothing will.
Where the hell’s WiseGuy when we wanna rub his face in his BS?!
So the Mac’s not popular enough to warrant any attention from hackers, eh?
MDNMW: dead, as in I reckon WiseGuy’s argument is dead in teh water.
I can’t WAIT to see the outcome of this challenge! What a great promotion for Mac security!
They should’ve set up a Windows PC as a third machine just for comparison.
“Originally a successful hack would be rewarded with the MacBook. There had been some rumblings among event attendees that the reward was not big enough to draw interest.”-from the article
Sounds like an excuse to me. I just don’t think they want to show what wienies they are in front of their little friends.
I can’t remember where I read it, but someone said that OS X’s firewall “ain’t that great”. I’d like to know the justification behind that. A firewall either lets traffic through, or doesn’t. OS X’s firewall has more advanced features, such as Stealth mode. Not finding that on any Windows PCs sitting around here…
But only a few weeks ago Bill Gates was assuring us that Macs are getting taken over every day.
How come nobody is taking over these ones ? There’s the financial reward, a couple of nice new laptops and a great deal of fame to be had, so it seems very strange that people are supposedly taking over other Macs, but not bothering with these.
If nothing else, as Bill Gates knows that people are taking over Macs, he should bribe one of those people to go to Vancouver and get on with it, otherwise Bill’s assertion will be shown to be totally false.
Meanwhile, the prize for a similar “Hack a PC” contest is $20 and rapidly dropping. You are to hack an ultra-new Vista Ultimate computer that constantly runs Windows Live OneCare and has received all the latest patches. (Yes, the computer itself is new.)
One more thing.
You must do it twenty times in a row! Thus the twenty dollars.
Twenty for twenty PC’s, Ten grand for one Mac. Take that, Bill. And sorry, Bill, I don’t know where this one’s taking place.
Thank you for your lack of support, and remember that new windows still break easily.
It bothers me to see these contests where people are essentially paid to demonstrate a criminal capability. Someone will eventually break into a Mac running OSX, Bill Gates et al will do a big “I told ya so” dance, and our lives will become less safe for it. OSX has vulnerabilities and I’d just as soon not see a successful exploit of any of them. Though, you’d think the record of the past several years would be calming for me.
DLMeyer – the Voice of G.L.Horton’s Stage Page Pod Cast
> Someone will eventually break into a Mac running OSX, Bill Gates et al will do a big “I told ya so” dance, and our lives will become less safe for it.
Why? If someone hacks a Mac after so much effort, it doesn’t make Mac OS X any less safe. It will just demonstrate how much more difficult it is, compared to Windows. Bill Gates won’t say anything because it will draw more attention to how embarrassing Windows “Cancel or Allow” security is in comparison. And if no one can hack a Mac, WE Mac users can do the “I told ya so” dance. There is no downside to letting the best “criminals” give it a shot in a safe environment; if an exploit is actually demonstrated, that’s one less exploit that will appear in the real world.
keeping my fingers crossed for the result….
meanwhile …i hope my pc doesn’t get hacked by that time …just hope
Any idea how many people are actually participating in this event?
Maybe Microsoft could change the name of XP to Vista Classic. That way they could still sell millions of copies of Vista.
Scott
I was just looking up their site last night. What happened to Pwn_to_Own? They were going to give out the MBP. Guess the organizer got a chance to work with the MBP and didn’t want to give it up.
I think “spectacular failure” should cover it.
Wow, $10,000 worth of pot to the winner?
I just got a contact high from the article….
Don’t forget the people at this conference are PROFESSIONAL Hackers. They are paid to discover and alert corporations of security problems on their systems. Some of the attendees are the people that find the flaws for Apple, and Microsoft.
Even if the pros were to come up with a proof of concept hack, unless they can actually make that concept work it’s a no go, and the Security “Myth” on Macs is going to grow significantly.
It makes me wonder how many government employees from various countries are at this conference. If they do not successfully hack these, I foresee a potential for a huge jump in Apple sales in various Governments.
192.168.0.42 port scan commencing….
Going for the easy one first before someone else gets it. haha
Wish me luck.
I’d donate a few hundred towards a bounty to do the same experiment with Vista. I’d love to see the comparison of results in the news.
What doesn’t kill Mac OS X only makes it stronger.
The last “Hack a Mac” contest failed miserably, at least they learned a few things.
When I discovered one of the URL Handler exploits and contacted Apple about it, their security people acted very cavalier, like they wanted me to do their bug hunting for them.
Perhaps this is part of Steve’s master plan to drive interest in Mac OS X.
After all if it can’t be hacked, then what interest does it have to us geeks?
Help! I’m port scanning a “blackhole”. hehehehe
Go @wiseguy,
Your buddy Gates says these get hacked every day so you should have it already. Give us an update if you will. One every half hour would be a good timetable.