|
|
User Controls
|
New User
|
Login
|
Edit/View My Profile
|
|
|
|
ActiveMac
|
Articles
|
Forums
|
Links
|
News
|
News Search
|
Reviews
|
|
|
|
News Centers
|
Windows/Microsoft
|
DVD
|
ActiveHardware
|
Xbox
|
MaINTosh
|
News Search
|
|
|
|
ANet Chats
|
The Lobby
|
Special Events Room
|
Developer's Lounge
|
XBox Chat
|
|
|
|
FAQ's
|
Windows 98/98 SE
|
Windows 2000
|
Windows Me
|
Windows "Whistler" XP
|
Windows CE
|
Internet Explorer 6
|
Internet Explorer 5
|
Xbox
|
DirectX
|
DVD's
|
|
|
|
TopTechTips
|
Registry Tips
|
Windows 95/98
|
Windows 2000
|
Internet Explorer 4
|
Internet Explorer 5
|
Windows NT Tips
|
Program Tips
|
Easter Eggs
|
Hardware
|
DVD
|
|
|
|
Latest Reviews
|
Applications
|
Microsoft Windows XP Professional
|
Norton SystemWorks 2002
|
|
Hardware
|
Intel Personal Audio Player
3000
|
Microsoft Wireless IntelliMouse
Explorer
|
|
|
|
Site News/Info
|
About This Site
|
Affiliates
|
ANet Forums
|
Contact Us
|
Default Home Page
|
Link To Us
|
Links
|
Member Pages
|
Site Search
|
Awards
|
|
|
|
Credits
©1997/2004, Active Network. All
Rights Reserved.
Layout & Design by
Designer Dream. Content
written by the Active Network team. Please click
here for full terms of
use and restrictions or read our
Privacy Statement.
|
|
|
|
|
|
|
|
Time:
12:45 EST/17:45 GMT | News Source:
InfoWorld |
Posted By: Jonathan Tigner |
It may be the quickest $10,000 Charlie Miller ever earned.
He took the first of three laptop computers -- and a $10,000 cash prize -- Thursday after breaking into a MacBook Air at the CanSecWest security conference's PWN 2 OWN hacking contest.
Show organizers offered a Sony Vaio, Fujitsu U810 and the MacBook as prizes, saying that they could be won by anybody at the show who could find a way to hack into each of them and read the contents of a file on the system, using a previously undisclosed "0day" attack.
Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but on Thursday the rules were relaxed so that attackers could direct contest organizers using the computers to do things like visit Web sites or open e-mail messages.
The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges on Friday.
Update: Shane Macaulay from Security Objectives has just won the Fujitsu U810 laptop running Vista Ultimate SP1 and $5,000 after it was installed with the latest version of Adobe Flash. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue.
|
|
#1 By
7754 (206.169.247.2)
at
3/28/2008 1:48:21 PM
|
And I'm sure we'll soon see this in a Microsoft "I'm a PC, I'm a Mac" commercial! Oh, wait....
|
#3 By
15406 (216.191.227.68)
at
3/28/2008 3:07:52 PM
|
Don't gloat too fast, kiddies. Both the Linux and Vista boxes will probably be hacked today.
|
#4 By
92283 (142.32.208.232)
at
3/28/2008 3:20:25 PM
|
On day 3 "any popular 3rd party application (as deemed "popular" by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise. "
Hmmm . Safari, quicktime and itunes spring to mind.
|
#5 By
7754 (206.169.247.2)
at
3/28/2008 3:41:27 PM
|
#3: considering that the Mac was hacked in 2 minutes (or "30 seconds," according to Miller himself) and that neither Vista nor Linux were that whole day--and we know that Macaulay spent all of Thursday trying to break into Vista--that bodes pretty well for both.
I wonder what happened today. My guess is that once you start adding things like Adobe Reader, etc., there isn't much you can do. But considering what's happened so far, this is very, very impressive for Vista in particular--what a turn-around for Windows, and Microsoft in general. People laughed at them when they said they were taking security seriously. Now there's no absolutely doubt it's paying off.
|
#6 By
8556 (12.208.163.138)
at
3/28/2008 3:56:24 PM
|
And still the general public believes that Vista is the worst of the bunch, since Mr. and Ms. General Public never heard of Linux.
|
#8 By
28801 (71.58.231.46)
at
3/28/2008 5:49:01 PM
|
Latch, your hypocrisy abounds. Had Vista been hacked first, the gloat would have been dripping off you. You can’t even find it within yourself to blast the abysmal showing of Apple at this contest. Come on Latch, it’s time to keep it real.
|
#9 By
2231 (72.5.151.4)
at
3/28/2008 11:43:04 PM
|
7:30pm PST Update - Vista Laptop compromised via an Adobe Flash 0day vulnerability.
|
#10 By
15406 (99.224.112.94)
at
3/29/2008 7:43:53 AM
|
#8: What hypocrisy? I'm telling them not to laugh too fast or their favourite will also be hacked and they'll look silly. Maybe that's why I'm not dumping on any of the three; I guessed they'd all probably be successfully hacked. At the end of the challenge, only the Ubuntu box was still standing, and I wouldn't gloat about that as it might have been hacked if they had more time. However, you know that won't stop me from tweaking parkker's nose now & then with these results ;)
|
#11 By
92283 (64.180.201.131)
at
3/29/2008 10:33:58 AM
|
#10 I trust you'll be unmerciful on Adobe from now on .... *
* no ... I don't actually believe that
|
#12 By
9589 (67.77.5.229)
at
3/30/2008 12:06:57 AM
|
Does anyone care that the Linux box gets hacked? I mean as a desktop operating system what is their installed base? Is it greater than pocket lint, yet?
|
#13 By
12071 (124.168.182.91)
at
3/30/2008 4:02:10 AM
|
#12 Good work, finally someone mentioned the most important point out of this whole competition. When it comes to security - Linux is your best choice :) The fact that both OS X and Windows got hacked should come at no surprise to anyone.
On a less flamebait mode, of course they care - don't think for a second that all the pro-Microsofties weren't doing their best to try and make Linux look bad - they would love nothing more than for the headline to read that Linux was hacked in 2 minutes! That would be enough to set Parkkker, lketchum, rxcall, yourself etc. off for god knows how long.
|
#14 By
92283 (64.180.201.131)
at
3/30/2008 11:46:28 AM
|
#13 Since when did Microsoft make Adobe Flash?
Day 1 and Day 2 of the contest were attempt to hack the default install.
My guess is that they installed Firefox or Safari and then triggered the flash vulnerability.
|
#15 By
3746 (72.12.161.38)
at
3/30/2008 12:37:49 PM
|
It sucks that they both got hacked and the end result is the same but the OS X hack looks way worse on apple then the Vista one does on MS. In the end the hacker said that the flaw is cross platform and could have worked on all platforms but he focused on Vista because he is more familiar with the product because he had worked for MS in the past. The end result is that it shows that no one should take security for granted regardless of what OS they run or how secure they think it is. It would be nice to know the details of the Vista hack though. The OS X one is pretty straight forward but I would like to know what software was needed to be loaded in order to exploit the Vista box.
|
#16 By
82766 (202.154.80.82)
at
3/30/2008 7:10:59 PM
|
@15 - The guy wasn't able to hack a default Vista SP1 until they were allowed to install extra/3rd party software... he installed Adobe Flash Player and ta da! Vista was pwned.
As the team of hackers said, its a 0day issue with the Adobe Flash Player itself (not Vista) - Adobe were advised and I assume we'll see some sort of patch/program refresh in the future.
The linux box wasn't hacked as the guys that got the Linux box didn't want to hack it!! (or selected words to that effect!) :)
|
#17 By
92283 (64.180.201.131)
at
3/30/2008 8:00:41 PM
|
For what its worth:
"IE on Vista by default runs under a low-privilege account. Basically all it can do is to access the web and write to a secluded cache on disk. It cannot read or write files anywhere else, not even from/to the logged on user who launched IE. This is called protected mode.
Now, sometimes users need to download and save files and/or upload files (photos etc). To this end Vista uses a "broker process" (called ieuser.exe in the task manager), This broker process implements a few functions such as file saving and reading. The broker process talks to the plugins, which can request its services, but they cannot control it. Even if a plugin is vulnerable to an exploit and the entire IE process is pwned, it is still limited in what it can do by this design.
Linux (Ubuntu) does not have anything akin to this. On the typical Linux Firefox executes under the logged-in users account. If FF gets pwned your userspace is owned and the process may delete/change/ftp your files away. I believe that the same is the case of OS/X.
The Vista model is clearly more secure than running the browser under your own account.
So how did this pwnage of Vista happen, you ask? Because Adobe in their wisdom decided that the standard broker process did not meet their needs. For some reason (documented in the flash "type library") the broker process can read/write/create/delete files and launch applications! (go figure). Such a broker process effectively circumvents *any* security precautions imposed by the protected mode. So, the *extra* security of IE does not help one iota when plugin developers are this stupid. When you do something like this you'd better A) absolutely limit the functionality implemented by the broker process and B) audit the living daylight out of that inherently risky code. I still cannot fathom why Flash should be able to launch applications.
But fact remains that the same APIs exists in Flash on *all platforms*. On Vista it does sits outside the plugin (to break out of the sandbox).
That is why the winner of the Vista machine was confident that he could have used it on Ubuntu or OS/X as well. It was a Flash vuln. Cross platform. He didn't gain admin rights; he just got to execute a process as the logged-on user. All the platforms are vulnerable to this.
But the same API is available.
BTW, the "broker process" on vista is called "Flash Helper" in the task manager. That's accurate, I suppose. It just leaves out that the ones it is helping are the blackhats."
http://www.theregister.co.uk/2008/03/29/ubuntu_left_standing/comments/
|
#18 By
92283 (64.180.201.131)
at
3/30/2008 9:06:36 PM
|
This is amusing:
"It seems that Miller took an advantage of a overflow bug in the PCRE regex library used by webkit's JavaScript engine.
This means that everything which uses webkit out there is affected by this bug, including Linux distributions that use KDE.
Moreover the bug is in PCRE library (http://www.pcre.org/), which is also used by Gnome (GLib), and KDE, and if the bug is also confirmed there (we'll wait and see) then basically all Linux distribution are affected by the same issue.
But the funny thing is that the Mac lost in that context because of a bug in an open source code!!!!
Think about it, particularly the linux fanboys that may think that Linux won the context, it did not...."
http://www.newmobilecomputing.com/thread?307220
|
#19 By
15406 (99.224.112.94)
at
3/31/2008 8:40:35 AM
|
#18: They won the context? Was it a special edition context or a regular one? Oh well. Too bad Vista got hacked. Good thing Linux is there to stand up for security, reliability, Mom & apple pie.
|
#20 By
28801 (65.90.202.10)
at
3/31/2008 9:39:46 AM
|
In Latch's fantasy world, he dates super models too.
|
|
|
|
|