Pwn2Own 2009: MacBook/Safari Hacked in Seconds

Status
Not open for further replies.

Mr_Man

Distinguished
Feb 17, 2008
202
0
18,680
He also managed to exploit Internet Explore 8 (running on a Windows 7 machine) and later turned his double win into a hat trick by felling Mozilla’s Firefox.
Don't you mean "turned his hat trick into a double win"?
This just goes to show that the majority of hacks and viruses happen because of how many people use the software/OS, not what the software/OS is.
 

duckmanx88

Distinguished
Oct 23, 2008
287
0
18,780
[citation][nom]SneakySnake[/nom]PC fanboys cometh[/citation]

so its ok for users of Macs to be smug, standing on a pedestal and mocking windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?
 
G

Guest

Guest
>This just goes to show that the majority of hacks and viruses
>happen because of how many people use the software/OS, not what
>the software/OS is.

That is true in real life, but does it also apply when professional people hack in a contest?
 

one-shot

Distinguished
Jan 13, 2006
1,369
0
19,310
A hat trick usually refers to a hockey player scoring three goals in a game. A double win plus one more amounts to three which therefore equals a hat trick.
 

SAL-e

Distinguished
Feb 4, 2009
383
0
18,780
Last year Ubuntu PC was hacked through FF and Adobe Flash. What happen this year? Is Ubuntu PC still standing? I wish TH gives better coverage.
 

SAL-e

Distinguished
Feb 4, 2009
383
0
18,780
[citation][nom]SAL-e[/nom]Last year Ubuntu PC was hacked through FF and Adobe Flash. What happen this year? Is Ubuntu PC still standing? I wish TH gives better coverage.[/citation]
OK. Looks like this year they don't have OS hacking day. So no Linux PC for hacking. They are concentrating on browsers. In the past browser was on the second day of competition. Last year no one was able to hack the OS (Win, Mac or Linux) itself on day one. So I guess the OS is not the problem that much any more, but the user and the web itself.
 

FlayerSlayer

Distinguished
Jan 21, 2009
181
0
18,680
[citation][nom]duckmanx88[/nom]so its ok for users of Macs to be smug, standing on a pedestal and mocking windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?[/citation]

Quote for truth.
 

SneakySnake

Distinguished
Jan 28, 2009
451
0
18,780
so its ok for users of Macs to be smug, standing on a pedestal and mocking windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?

I was being sarcastic. I was remembering back to last year when many mac users got this rubbed in there face. I use both, macbook for portability and homebuild for gaming and video editing. The contest result amuses me more then anything
 

norbs

Distinguished
Feb 23, 2009
229
0
18,680
[citation][nom]duckmanx88[/nom]so its ok for users of Macs to be smug, standing on a pedestal and mocking windows users, but if something comes along to shake your balance, and we acknowledge it, we're "fanboys"?[/citation]

Eh with the MS Army over here i think he knew it was comming. I am a 75% PC user and 25% mac user and people here call me a fanboy just for saying what i like about macs. It gets kinda old when a bunch of people who never took the time to use or learn an OS can have so much to say about it. MacOS is not a cure-all or miracle, but there are many things i rather do on it compared to a XP and expecially a vista PC. Besides, who uses safari on OSx anyways...

If anyone cares I have:
1 Vista machine used as a media center
3 XP machines; 2 at work 1 at home for games
1 MacOS Hackintosh (dell d620)

They all have their purpose and I don't go around calling the guy who doesn't use a mac a fanboy. Maybe it's just he uneducated people... whatever.
 

hellwig

Distinguished
May 29, 2008
1,743
0
19,860
Really, if Apple itself didn't say its computers were more secure, I wouldn't care that it could be hacked. No one cares that Windows or IE were hacked, it happens all the time. If Apple just admitted there are probably some security holes in their software (just as with any software on any platform), then maybe they'd get a little less egg on their face when their browser is hacked in 10 seconds.

I wonder what the competition entails. Obviously these guys knew the vulnerabilities they were going to exploit ahead of time. Did this guy really only take 10 seconds to create a webpage that could attack Safari, or did it take him 10 seconds to type in a URL to a webpage that took him a few hours to code-up before the competition?
 

bounty

Distinguished
Mar 23, 2006
389
0
18,780
uhhh, hellwig ???

"He also said he came to CanSecWest with the intention to hack into Safari and tested the exploit to make sure it worked first time around."
 

hellwig

Distinguished
May 29, 2008
1,743
0
19,860
Oh, thanks bounty, but I would still like to know what it took only 10 seconds to do. Type up a webscript, or just redirect to a website he alread had setup.
 

hellwig

Distinguished
May 29, 2008
1,743
0
19,860
Oh, thanks bounty, but I would still like to know what it took only 10 seconds to do. Type up a webscript, or just redirect to a website he alread had setup.
 
G

Guest

Guest
Hellwig, Apple (to my knowledge) never made the claim that their computers are unhackable, just that because their platform is less popular, fewer viruses/malware/etc. are written to attack their platform. Before anyone starts with the "fanboy" accusations, I do not use Macs.
 

jsloan

Distinguished
Sep 24, 2008
444
0
18,780
[citation][nom]Underseer[/nom]Hellwig, Apple (to my knowledge) never made the claim that their computers are unhackable, just that because their platform is less popular, fewer viruses/malware/etc. are written to attack their platform. Before anyone starts with the "fanboy" accusations, I do not use Macs.[/citation]

becareful of what you say, i said the same thing last week end got over -20 from a bunch of facist nazi's trying to shut me up... :)
 

kingssman

Distinguished
Apr 11, 2006
407
0
18,780
It terms of "apple claims" when browsing. I'm kinda glad that my mac doesn't read or open .exe files I have been led to crashing pages that would destroy my browser and open scripts on my computer but nothing terms surrendering complete control. I also notice a lack of spyware and adware on my mac which somehow phantomly installs on my PC machine. The internet is scary. I've dedicated a partition of my hardrive with a fresh windows install for gaming only and I disabled as much of the internet i could. (blocking lots of ports on my firewall including 80). No machine is unhackable, especially loops in browsers that allow installation of programs or executions of applications. Like how you can click a link and it will open iTunes
 
Status
Not open for further replies.