• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

Mac owned on 2nd day of Pwn2Own hack contest

March 28, 2008

Views: 13,223

[ad]

I have been following this contest and was wondering which OS would be first to fall (if any) seen as though they were all fully patched and the latest versions. For those that don’t know Pwn2Own is a contest at CanSecWest open to anyone to hack a Windows, Linux or Mac OSX box with a varying set of conditions.

Not one person entered the first day, perhaps they don’t want to divulge those heavy exploits…or perhaps no one had any. The second day had a lot more entrants. It’ll be interesting to see what the 3rd day turns up when everything is open to attack.

A brand-new MacBook Air running a fully patched version of Leopard was the first to fall in a contest that pitted the security of machines running OS X, Vista and Linux. The exploit took less than two minutes to pull off.

Charlie Miller, who was the first security researcher to remotely exploit the iPhone, felled the Mac by tapping a security bug in Safari. The exploit involved getting an end user to click on a link, which opened up a port that he was then able to telnet into. Once connected, he was able to remotely run code of his choosing. The feat won him a $10,000 prize paid by Tipping Point, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities.

Interesting the exploit came in Safari, but gave full control. Still $10,000 is not bad for a days work (I’d imagine though he’s probably prepared the exploit earlier).

I was somehow expecting Mac to fall first.

At time of writing, the Windows and Linux machines were still standing.

Under contest rules, Miller was forbidden from providing specifics of his hack. He said he chose Apple over the other machines because “I thought of the three it was the easiest”. He said he didn’t test the exploit on any other platform. As a Mac user, he added, he felt an incentive to exploit the system because he believes it will help make the platform stronger.

Miller’s win came on day two of the contest, which gradually eases the rules for what constitutes as qualifying exploit. Not a single attendee entered the contest on day one, when all vulnerabilities had to reside in the machine’s operating system, drivers or network stack. Winners were eligible for a $20,000 prize.

On day two, the attack surface was expanded to include browsers, mail applications and other common applications, and the bounty was reduced to $10,000. Contestants on day three will be allowed to attack still more applications, such as Skype, QuickTime and browser plugins for a $5,000 prize.

I wonder if any of our readers are attending CanSecWest, any of you guys there? Having a go at the contest?

I think more things should be organized like this, at the end of it – it really does make all the OSes more secure. Saying that though just because no-one exploited it, doesn’t mean the vulnerability isn’t there and the bad boys aren’t already using it.

It’s been shown before, the underground is always ahead…and a vulnerability with exploit for a fully patched Windows machine is worth way more than $20,000!

Source: The Register

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Apple, Events/Cons, Exploits/Vulnerabilities Tagged With: cansecwest, hacking apple, hacking-contest, mac, pwn2own, safari, tippingpoint



Reader Interactions

Comments

  1. Garrett Gee says

    March 28, 2008 at 6:21 am

    My day 1 recap is at http://infosecevents.net/2008/03/26/cansecwest-day-1-recap/ and you can follow the twitter talk at http://www.hashtags.org/tag/cansecwest/

  2. Pantagruel says

    March 28, 2008 at 8:46 am

    Nicely done; $10,000 for 2 minutes (like Darknet says he must have prepared the exploit in advance) isn’t bad.

    Sadly I am not attending CanSecWest, I’ll be in Oxford UK this weekend for my research job. Perhaps next time or at another security meeting.

  3. zupakomputer says

    March 28, 2008 at 10:33 am

    re: day 1 rules – do they actually let you at the machines themselves, or do you have to access them through a secured or filtered network connection (like a router firewall). If the former then that’s too easy, there’s loads of ways in if you have access to the machine directly – unless they aren’t including anything at hardware level?

  4. Doey6 says

    March 28, 2008 at 1:26 pm

    i THINK on day one that they require you to do it over the network. No physical access. But I can’t verify that right now.

  5. Pantagruel says

    March 31, 2008 at 11:20 am

    @Doey 6

    small snippet from csnsecwest.com

    Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point’s Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from Tipping Point’s DVLabs blog.

    Quick Overview:

    * Limit one laptop per contestant.
    * You can’t use the same vulnerability to claim more than one box, if it is a cross-platform issue.
    * Thirty minute attack slots given to contestants at each box.
    * Attack slots will be scheduled at the contest start by the methods selected by the judges.
    * Attacks are done via crossover cable. (attacker controls default route)
    * RF attacks are done offsite by special arrangement…
    * No physical access to the machines.
    * Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pigdin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.

    Tipping Point’s DVLabs blog:
    dvlabs.tippingpoint.com/blog/2008/03/19/cansecwest-pwn-to-own-2008

  6. zupakomputer says

    March 31, 2008 at 5:08 pm

    Still unclear on the rules after reading that – would the OSs be set up with a passworded user account (ie – so you have to get by that for any desktop access) ?

    Also, why are the comments on the final day page out of order? It’s descending for part of the comments, then it’s ascending?!

  7. Chris Tangora says

    March 31, 2008 at 7:57 pm

    Don’t forget the other rule. No exploits or vulnerabilites that have already been documented may be used to gain access. This was about true 0Day attacks, not the security as a whole.

  8. Mike Touch says

    April 7, 2008 at 5:28 pm

    The reason people say MAC is safer is because hackers code for windows due to the market share windows has. With more machines operating windows hackers have a greater reach so their viruses are much more effective!

  9. Pantagruel says

    April 8, 2008 at 2:18 pm

    @Mike Touch

    The effectiveness of a virus isn’t dependent on the user base but of the speed with which the hole it uses is plugged or anti viral software is updated making it possible to remove the infection.
    However the amount of infected machine does matter when you need a lot of clients for a dDoS attack. The chance of getting a nice herd of bots will be bigger if you target a well spread OS which suffers security flaws like Windows.
    The is no security in obscurity and the vulnerability of Apple’s OS will increase with increasing market penetration (allowing for a bigger basket of Apple’s ;) ) getting more attention from hackers/crackers and alikes.

  10. zupakomputer says

    April 8, 2008 at 5:14 pm

    Mike, would I really get a free Macbook Air at your link?

  11. Mike Touch says

    April 8, 2008 at 5:44 pm

    Pantragruel, that’s what I was getting at but you explained it a lot better. Thing is that isn’t what most MAC users realise. They like to walk around on their high horse saying how much more secure it is when really they’re just a susceptible :)

    zupakomputer, of course you will get one as long as you follow the rules. I’ve received over

  12. fever says

    April 8, 2008 at 6:37 pm

    $10,000 for two minutes of work, now that is my kind of a pay scale.
    you would only have to work like 10 minutes a year at that rate. just spend the rest of your time vacationing.

  13. Mike Touch says

    April 8, 2008 at 9:29 pm

    By a few minutes I mean I had to make a website, market a website and keep it up to date. I’m not going to say it’s easy as I’d be lying!

  14. zupakomputer says

    April 9, 2008 at 6:18 pm

    How does that work exactly? You set up a site that’s only for people to visit to get a free macbook, so they can also set up a site that is only for people to visit to get a free macbook….how can anyone make money from anyone just visiting sites; do they suppose that x amount of them will visit the adverts, then also buy something they find at the advert sites?

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Falco - Real-Time Threat Detection for Linux and Containers

Falco – Real-Time Threat Detection for Linux and Containers

Views: 292

Security visibility inside containers, Kubernetes, and cloud workloads remains among the hardest … ...More about Falco – Real-Time Threat Detection for Linux and Containers

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Views: 587

As threat surfaces grow and attack sophistication increases, many security teams face the same … ...More about Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 555

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 589

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 449

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 675

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (235)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,297,466)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,102)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,637)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,691)
  • Password List Download Best Word List – Most Common Passwords (933,520)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,168)
  • Hack Tools/Exploits (673,297)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,182)

Search

Recent Posts

  • Falco – Real-Time Threat Detection for Linux and Containers May 19, 2025
  • Wazuh – Open Source Security Platform for Threat Detection, Visibility & Compliance May 16, 2025
  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy