« Shocker: Internet Advertisers Hate Privacy Laws | Main | Vista Compromised to Get at a Nice Laptop »
March 28, 2008
MacBook Air Cracked First in Security Derby
Rich Mogull on a MacBook Air going down first in the annual Pwn2Own contest:
“Although we need to take contests like these with a grain of salt, we can’t dismiss the results. Since it took Charlie Miller only 2 minutes to compromise the MacBook Air, it’s clear that he walked in the door with a complete exploit ready to go. That’s far different from creating one on the spot. Still, it’s concerning that Mac OS X was the first victim to succumb to attack since the contest rules don’t favor any particular platform. According to Macworld, one researcher may have discovered a vulnerability in Windows Vista but was unable to exploit it within the available time. This is likely an indication that the new anti-exploitation security features of Vista are effective at making it more secure than Windows XP, and more secure than it would have been without these changes. Although Apple added similar features to Mac OS X in Leopard, such as library randomization, discussions with security researchers indicate that these defenses are not yet fully implemented, and thus provide little additional security.”
As of this morning, the Ubuntu and Vista boxes were still uncompromised.
Comment of the day from an Engadget commenter, where the, er, remedial version of this discussion is taking place:
“I’d like to see him hack it when it has a firmware password set and File Vault encrypted.”
That’d teach him!
Oh … wait … from Macworld’s coverage:
“Within 2 minutes, [Miller] directed the contest’s organizers to visit a Web site that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on.”
Not that the Macworld comments are any better than Engadget’s.
(Link)
Posted by mhall at 6:43 PM | Add Comment
Leave a comment