Friday, 20 March 2009

Safari hacked in 10 sec at Pwn2Own hacking competition

Hacker's view

Pwn2Own is a hacking contest held at the CanSecWest security conference in Vancouver, British Columbia.

Charlie Miller, an analyst at Independent Security Evaluators in Baltimore, hacked a Macintosh in two minutes last year at CanSecWest's PWN2OWN contest. This time he hacked Safari in just 10 seconds, then used a remote-execution exploit to take over the up-to-date MacBook, and walked off with a $5,000 cash prize from Zero Day Initiative and the MacBook he hacked.

PWN2OWN's sponsor, 3Com Corp.'s TippingPoint unit, paid Miller $5,000 for the rights to the vulnerability he exploited and the exploit code he used.

"I can't talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched," said Miller on Wednesday, after he had won the prize. "It probably took five or 10 seconds, I gave them the link, they clicked on it, and that was it," said Miller. "I did a few things to show that I had full control of the Mac."
He confirmed that he had researched and written the exploit before he arrived at the challenge.
Miller added, "If it wasn't for the competition, there'd still be these two bugs from this year and last year."
"Apple gets free bugs, I get money and people's computers get fixed."


The champion of the day was "Nils" (just Nils), a master's student from the University of Oldenburg, who made hacking all three browsers look very easy.

Nils said: "It's not as easy as a few years ago.

"Still, browsers have a lot of problems. It's really a lot of code that is exposed to the internet."

He ran a sleek exploit against IE8, defying Microsoft's latest built-in protection technologies, DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization), to take home the Sony Vaio and $5,000 from ZDI. Nils then pulled off a Safari exploit, quickly taking down Apple's browser for another $5,000, and then took down Mozilla Firefox, for a total of $15,000.

This year's PWN2OWN also features a mobile operating system contest that will award a $10,000 cash prize for every vulnerability successfully exploited in five smartphone operating systems: Windows Mobile, Google's Android, Symbian, and the operating systems used by the iPhone and BlackBerry. The first person to crack any of the mobile devices will also get to keep that device along with a one-year phone contract.
The full set of rules for this contest is posted here.

Sources:
The Register
Computerworld
TippingPoint
Pocket-lint
