Macbook Air gets hacked first in 2mins

http://news.yahoo.com/s/infoworld/20080327/tc_infoworld/96676;_ylt=Aj0_OCqiqZGqDi0BtTcKB4IjtBAF

 

I'm curious... was he actually using the computer?

Or did he have to remotely hack into it? Because there is no such thing as a secure computer if you have physical access to it.

 

He put up a website, a website that he had to ask someone to visit.

 

I knew there were bits missing from that article to give the whole laydown.

While this article doesn't fill in all my blanks, it did fill in one.

The Sony is running Ubuntu linux, and the winner takes home the laptop he cracked. No wonder he targeted the Mac... who wants a Fujitsu?

 

So remember kids: don't go to websites that strange men ask you to go to

 

He had to load a webpage on the Macbook Air before he could hack into it. So, in a sense, the Macbook Air itself is very secure. It is Safari (and we don't know which version) that has the exploit, and unless you get tricked into visiting one of those sites containing malicious script, you are safe.

The import part in my opinion is:

That demonstrates how safe Operating Systems have become.

 

Not only that, but it was a zero day attack.

 

I'm not farmiliar with hacking. What is a zero day process?

 

It's when you fall for a Nigerian scam.

 

A zero day attack is using an exploit the the manufacturer doesn't know about, however, once it's found it, they're relatively easy to patch.

 

While "don't visit untrusted websites" is generally a good tip, these it isn't that effective anymore these days, since many trusted websites are serving (ad) content from 3rd party sites, which might have been hacked.

 

That's why I love AdBlock Plus.

After googling a bit, I found some info in how the exploit works, and it's pretty much Safari dependent regardless of the OS. All this guy did was take an old exploit (Which has been patched) and modified it to work around the patch.

It sounds like you have to know where the file is, and it will execute that file when it is accessed, so it's not what I'd call owning. Unless there is more to this exploit than I currently know about, all he could do was access a particular file he specified on his site (Which happened to be the file needed to win the prize).

 

Objectively, it's a sad note. This is another domino falling with the increasing popularity of the Mac OS that signals troubled waters ahead. I'm not a h8r, I really really want a MBP, but am working up the funds. You can't deny that there is more of this to come.

 

More of what? Hacking competitions? They have those all the time. Usually very smelly.

 

I use Safari on OS X like I use IE on windows: Sparingly and only when necessary. Normally I'm on Firefox with adblock and noscript. I'm sure there will be a "security update" for Safari in a few days once Apple finds and closes the hole this guy used. Once the update is pushed, the site will probably reveal the details of the exploit. This is bad news for anybody that 1) uses Safari without any kind of blocker add-on and 2) doesn't keep up on their updates. I really don't like the fact that the Mail app in OS X fetches images by default. This can provide confirmation to spammers that their crap is getting through to a real human. Ok, I found the setting "display remote images..." and unchecked it. This should have been unchecked by default. Now that I have it unchecked, there is a "load images" button on my messages and I don't have to worry about confirmation going back to spammers unless I click that button. Fat chance.

 

Your thread title kinda lead me to wonder if somone hacked the MBA apart in 2 minutes, like with an axe or something.

 

That definitely wouldn't take two minutes. I'm pretty sure I can snap one in half by looking at it a certain way.

 

I wouldn't worry to much about any dominos
This kind of contest has been going on forever and the difference here is that usually some kinds of computer users prefer denial
A system being hackable is like the saying motorcycle riders use " It's not if your going to go down but rather a matter of when "

 

I just meant with the increasing popularity of OSX there will be increasing exploits and hacks.

 

The competition in no way represents real-world situations. Give a determined hacker direct access to any computer and it'll be hacked, no matter how many firewalls or whatnot you have on there.

 

he visited a website, which compromised the laptop to external entry. That's pretty real-world.

 

Like I said, give a hacker direct access to your computer, and you could be using any OS, firewall, whatever, and it WILL be hacked. However, unless you have a hacker hiding under your bed, you're damn safe as long as you're not stupid.

 

He didn't have direct access, though. He just had them go to a website. Big difference.

 

Indeed.

From http://www.channelregister.co.uk/2008/03/28/mac_hack/

 

Honestly though, until I hear more about this exploit, it's not going to make me worry one bit about security. It's also a bit different than you are thinking, because the site hosted was on the cracker's laptop (And his laptop was essentially the router). This changes a ton of variables, in which he can then gather information while the guy uses the MacBook Air.

With the use of telnet in the exploit, anybody with a router that has no port forwarding is already going to be secure.

So, yes, it's a problem, but on a grand scale I'd be more afraid of some 90 year old lady going on a chainsaw massacre (And it has a higher probability of causing damage than this exploit ever will).

 

Choice quote:
http://www.computerworld.com/action...articleId=9072959&taxonomyId=89&intsrc=kc_top

 

I read somewhere that every team attacked the macbook air first because that was the laptop they wanted to take home. So the windows and linux boxes just sat there.
Still, I hope apple gets around to plugging all the safari and quicktime holes as that seems to be the real weak point in OS X.