toggle

AAPL Stock: 502.21 ( + 4.54 )

MacNN News

MacBook Air hacked within two minutes at expo

updated 11:55 am EDT, Fri March 28, 2008

Two-minute MB Air hack

The defenses of MacBook Air were hacked within moments in a recent security expo contest, reports say. During the CanSecWest conference's "PWN 2 OWN" competition, participants were expected to hack into one of three notebooks, and read the contents of a file using only an original zero-day attack. An award of $10,000 plus an Air is said to have gone to Charlie Miller, who broke into the computer within two minutes. This was accomplished by redirecting a web browser to a site with exploit code by Miller.

Under the terms of the competition, Miller cannot talk about the details of his exploit until the contest's sponsor notifies Apple, giving it a chance to rectify the problem. It is believed however that since the rules of the competition dictate relying on pre-installed software, the hack was directed through Apple's Safari software.

The speed of the hack is considered especially impressive given that last year, a break-in for the MacBook Pro required nine hours. At the end of Thursday's competition timeframe, two PC notebooks -- a Sony Vaio and Fujitsu U810 -- had yet to be cracked, according to observers.

by MacNN Staff

(43)

TAGS :

computers, security, Safari, MacBook Air

Share the Article

Facebook Twitter Delious Slash Dot Digg

toggle

Comments

Flying Meat
Fresh-Faced Recruit

Joined: Jan 2007

0

03/28, 12:04pm | report spam | close Reply |
woopsie!

Racers, start yer security software bashing engines.

t6hawk
Mac Enthusiast

Joined: Jan 2001

0

03/28, 12:13pm | report spam | close Reply |
Not entirely accurate

The supposed hack was on the second day of the challenge which isn't mentioned by MacNN. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine's operating system, drivers or network stack. On day two, the attack surface was expanded to include browsers, mail applications and other common applications.

He exploited a bug in Safari. Nothing says this guy didn't find the exploit in Safari before going. Does this exploit affect firefox also?

James Katt
Fresh-Faced Recruit

Joined: Mar 2008

0

03/28, 12:20pm | report spam | close Reply |
Ah, not 2 minutes

What the article does not point out is that on the first 24-hours of the contest, the contestants were suppose to do an attack on the Mac remotely via the network alone.

No one could hack the Mac remotely via the network alone.

The second day, they relaxed the rules and allowed the contestants physical access to the Mac so that they could install an automated user to receive emails or use a browser to go to a malicious website set up by the contestant.

Duh.

It took more than 24-hours to hack the Mac. It takes days to program an automated user or develop and program a malicious website. They had to do the work even before the contest.

And it took physical access to the computer to hack it. They could not hack it over the network at all!

Thus the contest is a crock.

I doubt any user will allow a crook or stranger physical access to their personal computer. Once a person has physical access to a computer then any computer can be hacked. Through the firewire ports, any Windows computer is instantly compromised, for example.

Flying Meat
Fresh-Faced Recruit

Joined: Jan 2007

0

03/28, 12:30pm | report spam | close Reply |
I doubt

anyone would click on a malicious link?

I agree this was a bit unlikely, but people do leave their machines on and unattended. People do click on what used to be a benign link. People do (sadly) click links in unsolicited email messages, and/or allow images to be displayed in their email messages automatically,..

I smelled something fishy with this when it was pointed out that the hack was a browser redirect/malicious link dealie. Someone had to be using the machine and directed to click said link. It wasn't an "unattended" machine being hacked.

mr.mouse
Fresh-Faced Recruit

Joined: Feb 2008

0

03/28, 12:32pm | report spam | close Reply |
Any others?

Were any Windows or Linux machines hacked on Day 1? Also, on day 2, were any Windows or Linux machines hacked before the Mac?

Answers to these questions are the interesting bit.

manleycreative
Fresh-Faced Recruit

Joined: Sep 2005

0

03/28, 12:34pm | report spam | close Reply |
yeah

So...he had to use the browser to do it? Use the OS then get back to me with any serious claims of security flaws etc. with OS X.

jameshays
Fresh-Faced Recruit

Joined: Mar 2003

0

03/28, 12:38pm | report spam | close Reply |
Final Rule

So, the final rule is that if I click on a bogus link or I allow somebody on my machine to have complete access while I'm away, I'm a good candidate for a break in. Well, that's good to know....

mgpalma
Fresh-Faced Recruit

Joined: Sep 2000

0

03/28, 12:39pm | report spam | close Reply |
Social Engineering hack

More accurately. This took a user visiting a malicious or compromised site to work. Though no matter what version of Safari you are using, etc., this definitely has to be addressed by Apple, and it is. A lot of viruses, trojans, etc. are spread through socially engineered methods and so in my book are completely valid concerns. Obviously Mac OS X Leopard is much more secure than Windows at any level, but Apple really needs to be on top of releasing security patches quickly to show it's users that they take these matters seriously. ANd yeah, like te others have posted, this 'hack' did NOT take 2 minutes to craft. Execute, maybe, but not craft. There is a BIG difference.

mr.mouse
Fresh-Faced Recruit

Joined: Feb 2008

0

03/28, 12:39pm | report spam | close Reply |
Re: yeah

Was it not an Apple browser? Safari?

Security issues on modern systems are often triggered by user behaviour. Some of the more virulent attacks in the past (usually on Windows) have been links in emails, or attachment that have been opened by users.

Therefore, if all systems passed an external attack (day 1), but a boxed Mac (running OS X, Apple Safari and any other Apple bundled software) fell over before a standard Windows install (with the bundled IE, etc.) or a Linux Distro, then I would argue the the Apple kit failed RELATIVE to Windows and Linux.

This is not good news for me, as an OS X user, that my machine is less secure that my wife's Windows laptop, despite the Apple rhetoric about how secure their systems are compared to Windows. Not good at all.

designr
Fresh-Faced Recruit

Joined: Apr 2002

0

03/28, 12:39pm | report spam | close Reply |
What Version of Safari

What Version of Safari was installed?

Toyin
Mac Elite

Joined: Nov 2000

0

03/28, 12:40pm | report spam | close Reply |
Sorry

Looks legit. The other 2 machines (Vista and Ubuntu) are still running on day 3.

Am I worried? No, but it will make me a little more careful about what I do on my Mac in the future.

Clicking a link in a phishing email is something that even very experienced user might do if the email is convincing enough.

greenG4
Grizzled Veteran

Joined: Aug 2002

0

03/28, 12:42pm | report spam | close Reply |
Everyone...

...wanted the MB Air so that's what they attacked. I wouldn't bother hacking the Sony Vaio or Fujitsu U810 either if they were going to make me take them home.

simdude
Fresh-Faced Recruit

Joined: Jun 2004

0

03/28, 12:55pm | report spam | close Reply |
valid?

Until the details can be published, it's hard to say if the test was valid, but it sounds like it. Because the Safari browser is the default browser supplied by Apple, it is a valid security target. The fact that the site was designed to exploit the hole does not make this an invalid test. When you search Google, and click a link, do you know the site is legitimate before you click the link? If people used their computers that way, we wouldn't need search engines.

I think they should change the rules of the contest though. If you crack one machine, you have to pick one of the others for your prize. Of course everyone wants the Air and that's the one they targeted. The other machines are probably sitting there with no network traffic coming in. ;-)

ViktorCode
Fresh-Faced Recruit

Joined: Jan 2006

0

03/28, 01:14pm | report spam | close Reply |
real exploit

This one is not like many others reported by MacNN, it is a real exploit.

I applaud mr Miller for doing his brilliant and important work. Of course, the vulnerability had to be known in advance and you have to keep exploit script prepared and ready on your site. But reported "2 minutes" period is only relevant in view of the contest terms - the first to finish will take the prize. Nevertheless, mr Miller did a good job by demonstrating that Mac can be hacked given enough time and determination.

And if you are wondering, no, it is not a good time to buy antivirus software. It is time to change your browsing habits.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 01:15pm | report spam | close Reply |
flawed arguments

And it took physical access to the computer to hack it. They could not hack it over the network at all!

Thus the contest is a crock.

No, they had physical access just so they could set up an 'automated' user, a user that would do what most normal users would do. They did not NEED access to get it to work. They could have just gotten some guy to sit at his machine and perform normal daily routines to get it to work.

I smelled something fishy with this when it was pointed out that the hack was a browser redirect/malicious link dealie. Someone had to be using the machine and directed to click said link. It wasn't an "unattended" machine being hacked.

Most computers are not 'hacked' unattended anymore. They're usually gained access by social engineering means. You all always point out about the malware problem with Windows. How do you think that stuff gets around? (Hint: It's not by accessing an unattended computer).

So...he had to use the browser to do it? Use the OS then get back to me with any serious claims of security flaws etc. with OS X.

Since when is using a browser all of a sudden doesn't make it serious?

And I love how flippant so many people are about security. So, the thought that just by clicking on a link in an email (or on MacNN, even) could allow someone to read files off your computer. And it's "Talk to me when it is a 'real' threat!".

Excuse me, but since when is having a browser being able to read your files off your computer not a threat? (Besides when it occurs with Apple).

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 01:19pm | report spam | close Reply |
Re: valid?

I think they should change the rules of the contest though. If you crack one machine, you have to pick one of the others for your prize. Of course everyone wants the Air and that's the one they targeted. The other machines are probably sitting there with no network traffic coming in. ;-)

So, then that would just mean no one was trying to crack the Air, and, as such, be just useless a test. But these contests tend to be really pointless anyway. Like anyone who knew a good zero-day exploit would waste it on this lousy prize, when you could make so much more money using it in nefarious ways.

But the prize was $10000 and the laptop. I think if people could easily, they would've just broke into the Linux or Windows machine, won the prize, ebayed the laptop, and spent $2000 of that money on a new Air.

Will53
Fresh-Faced Recruit

Joined: Jan 2006

0

03/28, 01:29pm | report spam | close Reply |
Facts

Time to wake up a little, folks.

None of the machines were hacked on day one. Attempts were made but no one could hack into the machines remotely - which is definitely good news in my book.

The bad news is that the hacked into. The others were not.

It doesnʼt matter how long it does to craft an exploit. People who make exploits for Windows donʼt do that as a whim and makes them up on the spot.

Neither does it matter whether it was by sending a user to a website. That happens. Phishing is an art under development. Bad websites donʼt advertise that they are just that, on the contrary.

What I understand, is that nothing was downloaded or installed by the user. It was enough to visit the site to get control over the Mac.

That is definitely a problem.

bdmarsh
Fresh-Faced Recruit

Joined: Feb 2006

0

03/28, 01:30pm | report spam | close Reply |
headline should be fixed

This was on the second day of the contest. On the first day none of the systems were hacked.

A perfectly legit hack that could happen to any user on any platform/browser, previously unknown bug that compromises the users computer when a web link is clicked on.

eldarkus
Fresh-Faced Recruit

Joined: Feb 2004

0

03/28, 02:17pm | report spam | close Reply |
ok

So lets say this is legit.

What would the hcaker have to do on their end? They send an email and the user clicks on the link. The sender now has complete control.

A few questions:

does it work over the internet or do they have to be on the same network?

What does control mean?? Root access? ability to install apps or just control the machine?

Does the hacker have to wait around and watch the machine 24/7 until someone clicks on the link?

MUCH more facts are needed before coming to a solid conclusion

alderplank
Fresh-Faced Recruit

Joined: Oct 2007

0

03/28, 02:38pm | report spam | close Reply |
A Few More Details

San Francisco - It may be the quickest $10,000 Charlie Miller ever earned. He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.

Show organizers offered a Sony Vaio, Fujitsu U810, and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system using a previously undisclosed "0day" attack.

Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday, the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.

Miller, best known as one of the researchers who first hacked Apple's iPhone last year, didn't take much time. Within 2 minutes, he directed the contest's organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.

He was the first contestant to attempt an attack on any of the systems.

Miller was quickly given a nondisclosure agreement to sign, and he's not allowed to discuss particulars of his bug until the contest's sponsor, TippingPoint, can notify the vendor.

Contest rules state that Miller could only take advantage of software that was preinstalled on the Mac, so the flaw he exploited must have been accessible by, or possibly inside, Apple's Safari browser.

Last year's contest winner, Dino Dai Zovi, exploited a vulnerability in QuickTime to take home the prize.

Dai Zovi, who congratulated Miller after his hack, didn't participate in this year's contest, saying it was time for someone else to win.

(Infoworld)

ender
Junior Member

Joined: Mar 1999

0

03/28, 02:55pm | report spam | close Reply |
re: ok

All very good questions. Another one is, did the user need to do anything other than just visiting the hacker's web site? They probably can't say without revealing too many details about the exploit, and I applaud them for giving Apple a chance to fix it before releasing any details about how it was done.

So I'm curious if he came up with a way to get Safari to automatically run malicious code just by browsing to a web site, or if the user must also click to download a file. Then that brings up the whole question about whether the hacker was allowed to dictate what Safari's securty settings are (automatically opening downloaded files, etc), or if the user was required to open a downloaded file (ie, a trojan buried in a quicktime movie or something).

Granted, once you have a user whose been tricked into going to a malicious web site, getting them to click on a link on that site probably is isn't that big of a stretch. But if you then require them to download and manually open a file it's really getting into user responsibility at that point.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 03:20pm | report spam | close Reply |
Re: ok

So I'm curious if he came up with a way to get Safari to automatically run malicious code just by browsing to a web site, or if the user must also click to download a file.

Browsing to a web site can also automatically cause a file to download.

Then that brings up the whole question about whether the hacker was allowed to dictate what Safari's securty settings are (automatically opening downloaded files, etc), or if the user was required to open a downloaded file

Well, since the rules were that they were using a machine and pre-installed software, then they wouldn't need to muck with security settings, as Apple seems to think downloading and auto-opening files is the bees-knees. Even with all the other security issues that were found with that 'feature', they still have it on by default.

Beansmaster
Fresh-Faced Recruit

Joined: Jan 2007

0

03/28, 03:51pm | report spam | close Reply |
Come on!

Seriously, what's next? Are we going to start being astounded when people get hit by busses and die when they cross the street without looking?

I remember hearing someone who had just gotten released from prison after being convicted for hacking defense department computers and he said the easiest way to infect a company with a virus had nothing to do with hacking into the machine. Simply leave a floppy disc with the words "SALARY INFORMATION" in the restroom and someone is going to put it into a computer, either the curious employee, or the HR person when the floppy disc is turned in to them.

I suppose all of the people who respond to the emails from the Nigerian oil minister's widow are going to claim that their computer was hacked and that's how all the money was drained from their bank accounts.

Peter Bonte
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 03:59pm | report spam | close Reply |
we need more info

So the user has to click a malicious link, download a app, click OK when Safari warns its an application. Then start that application or did Safari start it?

Did osX warn the user that the app ran for the first time?

Did it have root access? If not, what is the difference with a simple Applescript clearing the user documents?

ERG
Fresh-Faced Recruit

Joined: May 2003

0

03/28, 04:02pm | report spam | close Reply |
bullshits

I'll purposedly ignore (as I promised years ago) the pointless comments from "the angry fired ex-employee" virusing these forums from years.. But I see here a lot of other pointless comment not looking at the details (not counting the propaganda surrounding all of this "headline news"):

the object was to "read the contents of a file" from another machine and the winner accomplished this by redirecting a browser to somewhere else..

Well, this is no info/news at all, Just do it by yourself on OSX) with these URLs in (almost) ANY browser: file:// or http://localhost:631/ And you have won 10K USD.. (if this news mean they were running "the exploit" locally)

Guys, get a break and enjoy your weekend..

JTh
Fresh-Faced Recruit

Joined: Sep 2007

0

03/28, 04:07pm | report spam | close Reply |
More Details

There is an extended version of the article on macworld that mentioned Apple engineers were working on a patch Thursday night. This leads me to believe that they had the MBA patched to at least Thursday. Furthermore, the extended version mentioned that a security apps rep said (in regard to Windows, at least as I interpreted it) "finding a vulnerability is one thing, creating an exploit is another". To me, that means they probably DID find a Vista vulnerability, but weren't able to create an exploit in time.

Until we know the full story and how the exploit was triggered ("visiting a malicious webpage" is still technically too vague), all we can do is speculate. I'm not losing any sleep over it.

bsnoel
Fresh-Faced Recruit

Joined: Feb 2006

0

03/28, 05:35pm | report spam | close Reply |
Don't be too smug

Don't assume you have to be tricked into clicking on a bogus link to be hacked. Hackers are becoming much more sophisticated.

In 2008, web pages are being infected with malware at the average rate of 6000 pages a day.

In 2007 80% of malware infected sites were legitimate sites presumed to be trustworthy.

For example: MSNBC.COM on 3-20-2008. http://www.itbusiness.ca/it/client/en/Home/News.asp?id=47631

Approximately 65% of unsolicited e-mails contained a link to a malicious Web site.

Infection by some new "drive-by" download attacks only requires that a user visits an infected web page using an unpatched browser. They do not need to be tricked into clicking particular links or opening particular files. Their computer becomes infected simply because they have visited a site with a vulnerable browser.

InfraredAD
Fresh-Faced Recruit

Joined: May 2001

0

03/28, 05:38pm | report spam | close Reply |
Hold Up

You need to go actually READ the article. This guy planned this for WEEKS.

Foe Hammer
Fresh-Faced Recruit

Joined: Feb 2005

0

03/28, 06:21pm | report spam | close Reply |
Eye on The Prize

"Everyone wanted the MB Air so that's what they attacked. I wouldn't bother hacking the Sony Vaio or Fujitsu U810 either if they were going to make me take them home."

- Precisely. It was like that computer programming contest from a few years ago where the first prize was a Sony Vaio and the second prize was two Sony Vaios.

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 07:35pm | report spam | close Reply |
Re: bullshits

Well, this is no info/news at all, Just do it by yourself on OSX) with these URLs in (almost) ANY browser: file:// or http://localhost:631/ And you have won 10K USD.. (if this news mean they were running "the exploit" locally)

Sorry, that won't work, since redirecting to http://localhost would redirect to the user's machine, not the Air.

Plus, you'd have to turn on port 631 in the firewall, would you not?

Finally, if it was that easy, wouldn't you think you'd be completely concerned that clicking any link could open up all your files as simply as you say??

testudo
Fresh-Faced Recruit

Joined: Aug 2001

0

03/28, 07:42pm | report spam | close Reply |
Re: more details

There is an extended version of the article on macworld that mentioned Apple engineers were working on a patch Thursday night. This leads me to believe that they had the MBA patched to at least Thursday.

Not necessarily. It just means that whatever hole is there, it hasn't been patched yet in 10.5.2.

Furthermore, the extended version mentioned that a security apps rep said (in regard to Windows, at least as I interpreted it) "finding a vulnerability is one thing, creating an exploit is another". To me, that means they probably DID find a Vista vulnerability, but weren't able to create an exploit in time.

Or that they couldn't figure a way to exploit it. As you see often on MacNN, there are vulnerabilities found all the time in OS X. But many people have the same response: "Wake me when someone exploits it!".

Note that Friday they were easing the rules even more to allow for third-party software to be run and be attacked.

slapppy
Fresh-Faced Recruit

Joined: Mar 2008

0

03/28, 08:36pm | report spam | close Reply |
Vista not hacked yet

So far, even with relaxed restrictions, Vista is hold up. Mac OS failed miserably. Pretty laughable at this point now.

nat
Junior Member

Joined: Mar 2002

0

03/28, 10:03pm | report spam | close Reply |
jfrigginc

testudo, do you have an original thought anywhere or are you just happy letting others do the thinking so you can find a thought to piggy back on? if you have a take on it, post it, otherwise just shut the f up.

Guest
Fresh-Faced Recruit

Joined: Nov 1999

0

03/30, 12:20am | report spam | close Reply |
The REAL story!

http://www.roughlydrafted.com/2008/03/28/cansecwest-and-swiss-federal-institute-of-tech-deliver-attacks-on-the-reality-of-mac-security/

shigzeo
Fresh-Faced Recruit

Joined: Mar 2008

0

03/30, 03:22am | report spam | close Reply |
teturo

mates, how can you ask if he has an original idea? he just mentioned among the minority here that this is a problem that needs to be addressed. how can we as users be smug enough to not care if our machines are not exhibiting secure operating conditions?

who cares that it was safari or any other part. our bulletproof (as we like to tout it) osx was hacked faster than vista or linux. i don't care that someone worked for weeks to get this to run, think about it: the prize, a laptop and 10 000. would you just spend the night before hacking to be able to crack it?

if you did, you are quite the moron. i don't care if the man spent his years away at mit or some other techy school majoring in mac cracking, it was cracked before the other systems and i assume that the other crackers were also not idiots who just spend the last two hours thinking of a way to automate a crack in windows or linux.

dammit, this scares me. for me, my parents, my gf and well, think of all those links that are just passed about here on the forums... we are very vulnerable

Monde
Fresh-Faced Recruit

Joined: Jan 2004

0

03/30, 04:00am | report spam | close Reply |
Check out this-dope

Shigzeo, the link is posted above, but here it is again.

http://www.roughlydrafted.com/2008/03/28/cansecwest-and-swiss-federal-institute-of-tech-deliver-attacks-on-the-reality-of-mac-security/

This is a headline grab made by a MS sponsered contest by a security expert whose focus is on the Mac. Exploiting-likely java-on a browser(undefined)a memory buffer exploit that has been known for some time. Considering the version of the browser and the method are unknown, this really is a straw dog.

This is as much of a non-story as it was last year. Your pathetic attempt at FUD is the rant of a second rate MS troll. Oh dear-what shall I do?! Heavens to Betsy, I better get that much more secure OS-Windows. Does that sound anything like what's really happening in the computing world?

Duh. Windows is still a mess, OSX is as secure as ever and this is a sensationalized non-story.

If and when a real exploit comes-the Mac community will be ablaze, you can depend on that. Until then, I can put myself to sleep counting the interminable windows viruses. 68,736, 68,735, 68,734,....zzzzz

Guest
Fresh-Faced Recruit

Joined: Nov 1999

0

03/30, 02:58pm | report spam | close Reply |
slapppy posting....

the same drivel on every Mac-oriented site on the web. That is what is laughable at this point.

And yes, the Windows machine has also fallen. Due to a flaw in Flash.

wadesworld
Grizzled Veteran

Joined: Apr 2001

0

03/30, 07:01pm | report spam | close Reply |
MrMouse

"This is not good news for me, as an OS X user, that my machine is less secure that my wife's Windows laptop, despite the Apple rhetoric about how secure their systems are compared to Windows. Not good at all."

This person made it clear before the contest that he was going after the Mac and only the Mac. He didn't even try an exploit on Windows or Linux.

Clearly his goal was to bring Apple down a notch, oh...and to walk home with some nice hardware too.

Yes, it's a bad bug, but I'd be willing to bet a lot of money that had he set his sites on Vista, he could have achieved the same result.

Monde
Fresh-Faced Recruit

Joined: Jan 2004

0

03/30, 09:23pm | report spam | close Reply |
Uninformed

He didn't have his sights set on Vista, it was OSX all the way. Miller has gained notoriety for hacking apple products. Vista is still the snake pit it was and OSX is still safe. I can believe the exploit came via flash. AS3 is a pretty versatile-full featured programing language these days. Still, working up a home brew and being able to run it the exploit is no big woop.

Adobe really aught to be more worried about this than Apple-the exploit happened over their product. The same exploit can take down any machine with a flash plugin.

This BS ran the same gamut of bs postings last year and--guess what--OSX is still the most secure OS out there-bar none.

So if you think you're more secure with Vista, then switch. It's likely you can't though as you're already-obviously-a peecee user who spreads FUD. Get lost.

Guest
Fresh-Faced Recruit

Joined: Nov 1999

0

03/31, 12:26am | report spam | close Reply |
Apple Fanboys Burnt

HAHAHAHAHAHAHAHA.

And yet they learn nothing

bsnoel
Fresh-Faced Recruit

Joined: Feb 2006

0

03/31, 09:22am | report spam | close Reply |
Don't be too smug part 2

An important lesson to learn is that no one can assume they are too smart to ever stumble into malware infected websites. The days of "safe" websites are over, as mentioned in my previous post, hackers are after the mainstream internet now.

In my previous post I mentioned msnbc.com had been hacked and infected. Now we can add walmart USA Today, and ABC news to the list too.

http://www.networkworld.com/news/2008/032808-hackers-expand-massive-iframe-attack.html

henjin
Fresh-Faced Recruit

Joined: May 2007

0

03/31, 10:56am | report spam | close Reply |
Apple freaks freak

Really guys it doesn't matter what rules applied. Fact is the Air fell first and in only 2 minutes!!

UberFu
Fresh-Faced Recruit

Joined: Oct 2002

0

03/31, 11:12am | report spam | close Reply |
except that...

without reading about this elsewhere - MacNN doesn't mention that this exploited only happened in the 2nd day of competition_ And the prize the day before was $20,000 + the MBA_

And that the rules were relaxed as no one was able to gain access to the computer on the 1st day_

Show More Comments

Login Here

toggle

Network Headlines

02/16	Google, others said bypassing Safari...
02/16	Google now known to be patenting own...
02/16	SumOfUs criticizes FLA head, plans...
02/16	Safari 5.2, Xcode 4.4 seeds reach developers...
02/16	Mountain Lion updates to be funneled...

Show All

02/16	Google, others said bypassing Safari...
02/16	Google now known to be patenting own...
02/16	Cook sees merging of notebooks, tablets...
02/16	Apple claims backing for rights to...
02/16	Intel may push Ivy Bridge back to June...

Show All

02/16	Cook sees merging of notebooks, tablets...
02/15	Apple upgrades iBookstore with screenshots...
02/15	Congress asks Apple to answer questions...
02/14	Apple attempting to disrupt Siri hacks...
02/14	Readability iOS app delayed, Android...

Show All

02/16	Garmin nuvi 4.3-inch Portable GPS Navigator...
02/15	Monster iCarPlay Wireless FM Transmitter...
02/14	Refurb. 16GB iPhone 4, now only $259...
02/13	Refurb. Flip UltraHD Pocket Digital...
02/10	$380 off refurbished 2.8GHz Mac Pro...

Show All

toggle

MacBook Air hacked within two minutes at expo

updated 11:55 am EDT, Fri March 28, 2008

Two-minute MB Air hack

Related Articles

Recent Articles

woopsie!

Not entirely accurate

Ah, not 2 minutes

I doubt

Any others?

yeah

Final Rule

Social Engineering hack

Re: yeah

What Version of Safari

Sorry

Everyone...

valid?

real exploit

flawed arguments

Re: valid?

Facts

headline should be fixed

ok

A Few More Details

re: ok

Re: ok

Come on!

we need more info

bullshits

More Details

Don't be too smug

Hold Up

Eye on The Prize

Re: bullshits

Re: more details

Vista not hacked yet

jfrigginc

The REAL story!

teturo

Check out this-dope

slapppy posting....

MrMouse

Uninformed

Apple Fanboys Burnt

Don't be too smug part 2

Apple freaks freak

except that...

Login Here

Register for our weekly email newsletter:

Connect tools:

Subscribe

to our RSS

Follow us

on Twitter

10 Most Read

10 Most Discussed

MacNN Marketplace