CanSecWest sweetens ‘Hack a Mac’ contest pot to $10,000

“The prize in the hack-a-Mac contest at the CanSecWest conference here just got bigger,” Joris Evers blogs for CNET.

Evers reports, “TippingPoint, which runs the Zero Day Initiative bug bounty program, is offering to pay $10,000 to the hacker who commandeers one of two MacBooks. The target computers are connected to a wireless access point and fully patched, including the update for 25 vulnerabilities that Apple released on Thursday.”

“CanSecWest organizers have set up the MacBooks with all security updates, but without additional security software or settings. Attendees are able to connect to the machines via the access point through Ethernet or Wi-Fi,” Evers reports.

Full article here.

The CanSecWest home page states, “Gentlemen_Start_Your_PWNing: The 2.3Ghz 15″ Macbook Pro is on 192.168.0.42 and can be yours if you follow the instructions in the home of the default user, and the 2.3Ghz 17″ Macbook pro is on 192.168.0.43 and can be yours if you follow the instructions in the filesystem root (this one will need admin compromise).”

The eighth annual CanSecWest conference is being held April 18-20 at the Marriott Renaissance Harbourside hotel in downtown Vancouver, British Columbia.

Link: http://cansecwest.com/post/2007-04-19-12:30:00.Gentlemen_Start_Your_PWNing

[Thanks to MacDailyNews Reader “Shinobi” for the heads up.]

Related MacDailyNews articles:
Apple MacBooks hold strong, remain unhacked after first day of $10,000 ‘Hack a Mac’ challenge – April 20, 2007
CanSecWest to hold ‘PWN to OWN’ contest: pits Apple MacBook Pros vs. hackers – March 26, 2007
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Microsoft publicity stunt asks hackers to attack Windows Vista – August 04, 2006
Apple Mac remains ‘unhacked’ as University of Wisconsin’s Mac OS X Security Challenge ends – March 08, 2006
Mac OS X ‘unhacked’ over 24 hours and counting in genuine security challenge – March 07, 2006

39 Comments

  1. For general information, this contest is being held on an open wifi network, and is not accessible on the general internet. The 192.168.0.0 IP block is a block that is NOT passed by internet routers, and is therefore limited to local, private networks. The contest is limited to attendees of the conference and is not a general, public contest.

    If the two above clowns are truly scanning for those two MacBooks, they MUST be in attendance, and within wifi distance of the router they are attached to.

    So the comment about foreign IPs being blocked tells me that they are trolling…

  2. ^^^(keep forgetting stuff)

    And please people, be realistic about this. Don’t blow it off and say “They didn’t get root, etc. etc.”. They got a SHELL with user level privileges. That is NOT good no matter how much you may want to minimize it. And the fact that it was done via the web and not a local user hack is troublesome.

    I run Camino, so I’m not sure if the exploit applies – all they mention is Safari. Yikes.

  3. Actually, the most troublesome thing about this is that they were completely updated and patched. So this is a zero day exploit, and one that is NOT patched.

    That said, I would like to know, is this a previously unknown vulnerability, or is it one that was previously publicized but not yet patched?

    Either way, time for Apple to get their butts in gear and get this fixed!

    The GOOD news is, the 17 incher that requires root access has NOT been hacked yet.

    MW: away, as in WiseGuy seems to be away hacking his own box!
