We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Hack-the-Mac organisers target Vista & Linux

Which platform can be exploited first?

The promoters of the controversial hack-the-Mac contest - CanSecWest – are turning their attention to Windows Vista and Linux.

The organisers of the CanSecWest security conference are talking about giving attendees to this year's event a prize for hacking the two platforms, and another shot at the Mac OS, to "see which one goes first", said Dragos Ruiu, the principal organiser of CanSecWest.

Last year, security researcher Dino Dai Zovi spent a sleepless night hacking his Mac in order to take the prize at the show's first PWN to OWN contest. Dai Zovi found a QuickTime bug that allowed him to run unauthorised software on the Mac once the computer's browser was directed to a specially crafted web page.

Dai Zovi split the contest prize with a friend at the show, Shane Macaulay, who helped him pull off his attack. Macaulay got to keep the Macbook Pro, while Dai Zovi pocketed the $10,000 put up by 3Com's TippingPoint division in exchange for technical details on the bug.

It turned out that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi's hack helped change the way the industry thinks about the Mac OS, which has a reputation for being far more secure than Windows. "We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich."

Ruiu and Dai Zovi say that last year's contest helped kick off a flurry of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry truism: "Given enough time and motivation, everything can be broken," she said. "When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That's how it works."

Shortly after last year's contest, Gartner published a research paper warning that such challenges are "risky endeavours" that could put sensitive vulnerability information out in the public domain.

That hasn't stopped CanSecWest from pressing forward with this year's event.

Ruiu isn't certain that he'll run the three-way hacking contest this year. That's because he also has a grander, top-secret hacking contest idea that may or may not pan out, he said.

Either way, he promised "an interesting spectacle".

Related articles

2008: The year of the Apple hack

For more PC security news, reviews and tutorials, see Security Advisor


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

Chromebooks: ready for the prime time (but not for everybody)

IDG UK Sites

Hands-on with Sony's latest smartglasses

IDG UK Sites

The 13 most inspirational Tim Cook quotes