[ISN] Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5K

From: InfoSec News <alerts_at_private>
Date: Thu, 19 Mar 2009 00:16:04 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9129978

By Gregg Keizer
March 18, 2009
Computerworld

Charlie Miller, the security researcher who hacked a Mac in two minutes 
last year at CanSecWest's PWN2OWN contest, improved his time today by 
breaking into another Mac in under 10 seconds.

Miller, a principal analyst at Independent Security Evaluators LLC, 
walked off with a $5,000 cash prize and the MacBook he hacked.

"I can't talk about the details of the vulnerability, but it was a Mac, 
fully patched, with Safari, fully patched," said Miller Wednesday not 
long after he had won the prize. "It probably took 5 or 10 seconds." He 
confirmed that he had researched and written the exploit before he 
arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that 
hosted his or her exploit, replicating the common hacker tactic of 
enticing users to malicious sites where they are infected with malware. 
"I gave them the link, they clicked on it, and that was it," said 
Miller. "I did a few things to show that I had full control of the Mac."

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Wed Mar 18 2009 - 23:16:04 PDT

This archive was generated by hypermail 2.2.0 : Wed Mar 18 2009 - 23:38:08 PDT