PWN to OWN: Hack a Mac, Win a Macbook Pro and $10000

Last week, US IT security corporation TippingPoint offered $10000 to the first person able to hack into one of the MacBook Pros set up at the CanSecWest conference. People interested in participating only had to present themselves at the conference and break into one of the two designated laptops. Both machines, which were reachable via Wi-Fi or Ethernet, had all the latest updates from Apple installed.

We’ve announced that we will be having a contest “PWN to OWN” where two, pimp, loaded up, Apple Macbook Pro’s will be set up on their own AP (with security updates but otherwise default) and attendees will be able to connect to the ethernet or WiFi. The first to exploit it (there are victory conditions, and progressive rules over the three days) gets to go home with it. (Limit one per person, Can’t use the same vuln on both.) If they survive the three days in the “jungle,” they become prizes for best lightning talk and best speaker. Detailed contest rules to follow shortly (Source: CanSecWest)

Originally, TippingPoint had decided to give away one of the 2 laptops to the victor of the challenge, but in the end they chose to raise the stakes by offering an additional prize of $10000 on top of the existing one.

The competition ended only 9 hours after it started when Shane Macaulay and Dino Dai Zovi, a software engineer and security researcher, were able to find and exploit a new vulnerability that took advantage of an open Safari browser window.

“A New York-based security researcher spent less than 12 hours to identify and exploit a zero-day vulnerability in Apple’s Safari browser that allowed him to remotely gain full user rights to the hacked machine. The feat came during the second and final day of the CanSecWest “pwn-2-own” contest in which participants are able to walk away with a fully-patched MacBook Pro if they are first able to hack it.

The exploit means that Dino Dai Zovi is the rightful owner of the 2.3Ghz 15-inch MacBook Pro and a $10,000 prize offered by Tipping Point, which runs the Zero Day Initiative bug bounty program. More importantly, his work effectively throws cold water on tired claims from Apple and its many lackeys that the Mac is all but immune from the kind of security attacks more regularly perpetrated against Windows-based machines.”

Yes folks, this only proves one thing: the unbeatable Mac security that Apple users have been boasting about for years has always been a myth.

(via The Register)

14 Responses to PWN to OWN: Hack a Mac, Win a Macbook Pro and $10000

  1. Well... you misread the original article and forgot some important things to mention:

    1. the flaw involves a mail sent to that computer with a link to a specially crafted page. From the http://www.cansecwest.com website: "There has not been a successful attack. Time to expand your attack surface. Email links to and we will visit them from the target machines using Safari."

    2. one of the biggest sponsors of the CanSecWest is, tadaa, Microflop, oops, Microsoft.

    If you really wanna discuss about Mac vs Windows security and suppose the hack could be used remember that this is 1 (one) method – I can say at least 100 (one hundred) on Windows.

    I rest my case.

    • go for it, list the 100 reasons off the top of your head right now… I've got time. No, I bet you couldn't, because it's people like you who don't actually know of any of these exploits or holes, you are yet another of the sheep that jump on the let's hate MS bandwagon and leech off of the over-hyped and over-played "It's got more holes than swiss-cheese"

      Now I'm not saying windows is a good OS by any means, I use linux almost 100% of the time nowadays… but still

      dave

  3. Sheep? Come on now Dave …

    1. The article is wrong. Period. You read only the title of the CanSecWest article or you're stoned. I hope you're stoned. It says clear enough: there hasn't been found a hack and they expanded the attack surface to Safari. Simple enough. Even a sheep would understand it …

    2. If you really want to start hacking Windows send me a mail and I'll point you to some websites that teach you how to do it.

    I wonder what made you use Linux in the first place? The super-nice GUI? Or maybe the apps? Or …

    Let's not make a war out of this. You use Linux and you're happy, I use Mac OS X and I'm happy, Bill Gates uses Windows and he's happy. Get the point?

  5. Simply both apple and microsoft are big businesses looking to earn as much profit as they can. Both companies have many intelligent software designers and architects working constantly on keeping their systems working well. However there is one difference, microsoft doesn't have the same ideals. If they did, they would design their software to last long instead of having built in obsolescence, as I hope everyone can admit. If they put ideals as close as they did to profits the software would be tested to no end and be more open to the public. However that would compromise the monopoly of their unique establishment pirates of silicon valley (it's not totally serious, but is to some extent true) "You don't get it Steve, it doesn't matter whose stuff is better, it doesn't matter".

    They are all thieves and pirates, some are just more obsessed with integration into lifestyle and design, and some are simply concerned about getting their software out to as many people as possible. Even though they are entirely different by method and nature, no one is completely incapable of serving a purpose to people, and as such persist for better or worse.

  7. Never mind all this super geekery! The point is that I've had a mac for four years now, I haven't been shy about the sites I visit or the downloads I make and in all that time I have had one virus on my system. It was a windows virus that just sat there, very cutely looking for a registry or something. In all that time I haven't had to re-install my operating system or even open up my box (except to pop in a big HD).

    Nuff said.
