Overclock.net › Forums › Industry News › Software News › [ZDnet] Safari/MacBook first to fall at Pwn2Own 2011
New Posts  All Forums:Forum Nav:

[ZDnet] Safari/MacBook first to fall at Pwn2Own 2011 - Page 2

post #11 of 56
Again? Didn't this happen last year as well?
    
CPUMotherboardGraphicsRAM
Intel C2Q Q9550 @ 3.8 Asus P5K Deluxe MSI GTX460 1GB Cyclone G.Skill DDR2 - 4GB 
Hard DriveOptical DriveOSMonitor
2TB RAID0 F3, 2TB F4 (x2) DVD burner, Blu-ray reader Windows 7 Ult. (x64) Dell U3011 
KeyboardPowerCaseMouse
Filco Majestouch Linear R Corsair HX650W CM Sniper (Blk Ed.) Razer DeathAdder 
Mouse Pad
QcK cloth pad 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
Intel C2Q Q9550 @ 3.8 Asus P5K Deluxe MSI GTX460 1GB Cyclone G.Skill DDR2 - 4GB 
Hard DriveOptical DriveOSMonitor
2TB RAID0 F3, 2TB F4 (x2) DVD burner, Blu-ray reader Windows 7 Ult. (x64) Dell U3011 
KeyboardPowerCaseMouse
Filco Majestouch Linear R Corsair HX650W CM Sniper (Blk Ed.) Razer DeathAdder 
Mouse Pad
QcK cloth pad 
  hide details  
Reply
post #12 of 56
Quote:
Originally Posted by lordikon View Post
Anyone see the irony that the hackers won a MacBook as a prize for this?
Do you mean because macs have a reputation for hiding complexity under a nice interface? I wouldn't say this is ironic. One of my friends at school here is the head of the computer security club, which is involved in these types of competitions, and he uses a macbook.
X201 Tablet
(13 items)
 
  
CPUGraphicsRAMHard Drive
i7 640LM Intel Integrated 2x 2GB DDR3 1066 250GB internal, 1TB external 
OSKeyboardMouseMouse Pad
Windows 7 Professional x64 Saitek Eclipse Logitech MX518 S&S Steel 
  hide details  
Reply
X201 Tablet
(13 items)
 
  
CPUGraphicsRAMHard Drive
i7 640LM Intel Integrated 2x 2GB DDR3 1066 250GB internal, 1TB external 
OSKeyboardMouseMouse Pad
Windows 7 Professional x64 Saitek Eclipse Logitech MX518 S&S Steel 
  hide details  
Reply
post #13 of 56
Quote:
Originally Posted by DuckieHo View Post
A non-admin user being about to launch an application.... system is compromised.
i agree but it seems weak... why not install a program then run it?
Macbook Pro
(14 items)
 
  
CPUGraphicsRAMHard Drive
2.2ghz i7 ATI 6750m & Intel HD 3000 8gb ddr3 OCZ Vertex 4 
Optical DriveOptical DriveOSMonitor
superdrive External bluray  10.8 (Mountain Lion) 15.4" 1680x1050 
Case
aluminium 
  hide details  
Reply
Macbook Pro
(14 items)
 
  
CPUGraphicsRAMHard Drive
2.2ghz i7 ATI 6750m & Intel HD 3000 8gb ddr3 OCZ Vertex 4 
Optical DriveOptical DriveOSMonitor
superdrive External bluray  10.8 (Mountain Lion) 15.4" 1680x1050 
Case
aluminium 
  hide details  
Reply
post #14 of 56
Quote:
Originally Posted by oregonducks45 View Post
i agree but it seems weak... why not install a program then run it?
Whether he runs a calculator, or 500 hours of prime 95 the point is still the same:

They have full control of your system.
Sheep Prodigy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7-960 4.3 ghz Gigabyte GA-EX58-UD4P AMD HD 6970 2GB GDDR5 2x4GB DDR3 1333 mhz 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB DVD/DW +- RW/ Bluray W7 64 bit 21.5" e-IPS U2211H 
KeyboardPowerCaseMouse
Dynex cheapie Antec TP-550W Corsair Obsidian 650D Logitech G500 
Mouse Pad
google o.o 
  hide details  
Reply
Sheep Prodigy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7-960 4.3 ghz Gigabyte GA-EX58-UD4P AMD HD 6970 2GB GDDR5 2x4GB DDR3 1333 mhz 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB DVD/DW +- RW/ Bluray W7 64 bit 21.5" e-IPS U2211H 
KeyboardPowerCaseMouse
Dynex cheapie Antec TP-550W Corsair Obsidian 650D Logitech G500 
Mouse Pad
google o.o 
  hide details  
Reply
post #15 of 56
Quote:
Bekrar’s winning exploit did not even crash the browser after exploitation. Within five seconds of surfing to the rigged site, he successfully launched the calculator app and wrote a file on the disk without crashing the browser.
ok thats better...
Macbook Pro
(14 items)
 
  
CPUGraphicsRAMHard Drive
2.2ghz i7 ATI 6750m & Intel HD 3000 8gb ddr3 OCZ Vertex 4 
Optical DriveOptical DriveOSMonitor
superdrive External bluray  10.8 (Mountain Lion) 15.4" 1680x1050 
Case
aluminium 
  hide details  
Reply
Macbook Pro
(14 items)
 
  
CPUGraphicsRAMHard Drive
2.2ghz i7 ATI 6750m & Intel HD 3000 8gb ddr3 OCZ Vertex 4 
Optical DriveOptical DriveOSMonitor
superdrive External bluray  10.8 (Mountain Lion) 15.4" 1680x1050 
Case
aluminium 
  hide details  
Reply
post #16 of 56
To me, this seems rather off.

Shouldn't the winning vulnerability be one that exploits the OS, not the browser? I mean, you can have or not have the browser, its the OS that you must have.
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
Reply
Dynamix
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7-860 Gigabyte GA-P55A-UD4P Radeon 7970 Corsair Domintor Twins + Other = 16 Gb 
Hard DriveHard DriveOptical DriveCooling
WD Caviar Black, 500gb OCZ Solid 3 Sony Optiarc Corsair H50 
OSMonitorKeyboardPower
Windows 7 Ultimate Samsung P2570HD + Other Logitech G110 Corsair 750W HX 
CaseMouse
Antec p183 Logitech MX Revolution 
  hide details  
Reply
post #17 of 56
Link to article about Apple's pre-conference update: http://www.zdnet.com/blog/security/p...s-patches/8348
Gunmetal Tower
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2600K ASUS P8Z68-V GEN3 Asus GTX 580 CORSAIR Vengeance 16GB 1600 
Hard DriveHard DriveOptical DriveCooling
Samsung 830 256GB Western Digital Caviar Black 640GB LG DVD Corsair H80 
OSMonitorMonitorKeyboard
Microsoft Windows 8.1 Professional 64 Bit Asus PB278Q Dell 1907FPc  Ducky 9008-G2 Browns and Reds 
PowerCaseMouseMouse Pad
ABS SL1050 1050W Antec P280 Logitech G700 Mionix Propus 380 
AudioAudioAudioAudio
HT | OMEGA Claro Halo Audio Technica ATH-A900X Audio Technica ATH-AD900 M-Audio AV 40 
OtherOtherOther
Logitech USB Desktop Microphone APC Back-UPS XS 1500 Wacom Intuos4 
  hide details  
Reply
Gunmetal Tower
(23 items)
 
  
CPUMotherboardGraphicsRAM
Intel 2600K ASUS P8Z68-V GEN3 Asus GTX 580 CORSAIR Vengeance 16GB 1600 
Hard DriveHard DriveOptical DriveCooling
Samsung 830 256GB Western Digital Caviar Black 640GB LG DVD Corsair H80 
OSMonitorMonitorKeyboard
Microsoft Windows 8.1 Professional 64 Bit Asus PB278Q Dell 1907FPc  Ducky 9008-G2 Browns and Reds 
PowerCaseMouseMouse Pad
ABS SL1050 1050W Antec P280 Logitech G700 Mionix Propus 380 
AudioAudioAudioAudio
HT | OMEGA Claro Halo Audio Technica ATH-A900X Audio Technica ATH-AD900 M-Audio AV 40 
OtherOtherOther
Logitech USB Desktop Microphone APC Back-UPS XS 1500 Wacom Intuos4 
  hide details  
Reply
post #18 of 56
Quote:
Originally Posted by Zen00 View Post
To me, this seems rather off.

Shouldn't the winning vulnerability be one that exploits the OS, not the browser? I mean, you can have or not have the browser, its the OS that you must have.
1st But you forget Macbook's ship with Safari installed, and Safari runs off OS's own services/etc.
2nd I am 100% the exploit would have worked if they had physical access to the laptop, however they are exploiting it without having to touch the laptop, all they have to do is wait for the laptop to go online to an address.
3rd the exploit it self is for the operating system, not for the browser (obviously the browser can't launch any application by itself).
Sheep Prodigy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7-960 4.3 ghz Gigabyte GA-EX58-UD4P AMD HD 6970 2GB GDDR5 2x4GB DDR3 1333 mhz 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB DVD/DW +- RW/ Bluray W7 64 bit 21.5" e-IPS U2211H 
KeyboardPowerCaseMouse
Dynex cheapie Antec TP-550W Corsair Obsidian 650D Logitech G500 
Mouse Pad
google o.o 
  hide details  
Reply
Sheep Prodigy
(13 items)
 
  
CPUMotherboardGraphicsRAM
Intel i7-960 4.3 ghz Gigabyte GA-EX58-UD4P AMD HD 6970 2GB GDDR5 2x4GB DDR3 1333 mhz 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB DVD/DW +- RW/ Bluray W7 64 bit 21.5" e-IPS U2211H 
KeyboardPowerCaseMouse
Dynex cheapie Antec TP-550W Corsair Obsidian 650D Logitech G500 
Mouse Pad
google o.o 
  hide details  
Reply
post #19 of 56
Safari/MacBook first to fall at Pwn2Own Hacking contest

Just like in 2010, 2009, 2008 or 2007?

Wow.
Battle Station
(13 items)
 
  
CPUMotherboardGraphicsRAM
Dual Xeon E5520 Quad Core @ 2.27GHz ASUS Z8NA-D6 Aspeed AST2050 6 GB DDR3 
Hard Drive
2 x 500 GB 
  hide details  
Reply
Battle Station
(13 items)
 
  
CPUMotherboardGraphicsRAM
Dual Xeon E5520 Quad Core @ 2.27GHz ASUS Z8NA-D6 Aspeed AST2050 6 GB DDR3 
Hard Drive
2 x 500 GB 
  hide details  
Reply
post #20 of 56
Quote:
Originally Posted by Muftobration View Post
Do you mean because macs have a reputation for hiding complexity under a nice interface? I wouldn't say this is ironic. One of my friends at school here is the head of the computer security club, which is involved in these types of competitions, and he uses a macbook.
I think he means it is ironic that the prize is an easily exploitable and vulnerable laptop considering it was hacked in 5 seconds.
 
Redemption
(13 items)
 
 
CPUMotherboardGraphicsGraphics
i7 4770 @ 4.5 GHz ASRock Z87M Extreme4 XFX Radeon 290 (unlocked to 290X) XFX Radeon 290 
RAMHard DriveCoolingOS
Corsair Dominator 16GB (2 x 8GB) DDR3 1600 SAMSUNG 840 Pro Series 256GB XSPC Raystorm-based custom watercooling Windows 8.1 Pro 
MonitorKeyboardPowerCase
Dell 2714HM x 3 in Eyefinity TKFire Compact - Cherry Red Corsair 750HX Corsair 350D mATX 
Mouse
Sensei RAW 
CPUMotherboardGraphicsRAM
E6750 (G0 Core) Asus P5E Deluxe 2 x Sapphire Radeon 5830 2x2GB Gskill 
Hard DriveOptical DriveOSMonitor
60GB OCZ Vertex 2 Pioneer DVR-109 Windows 7 64Bit 22" Acer AL2216W 
PowerCaseMouse
Corsair TX750W Thermaltake Armor+ ESA Logitech MX Revolution 
  hide details  
Reply
 
Redemption
(13 items)
 
 
CPUMotherboardGraphicsGraphics
i7 4770 @ 4.5 GHz ASRock Z87M Extreme4 XFX Radeon 290 (unlocked to 290X) XFX Radeon 290 
RAMHard DriveCoolingOS
Corsair Dominator 16GB (2 x 8GB) DDR3 1600 SAMSUNG 840 Pro Series 256GB XSPC Raystorm-based custom watercooling Windows 8.1 Pro 
MonitorKeyboardPowerCase
Dell 2714HM x 3 in Eyefinity TKFire Compact - Cherry Red Corsair 750HX Corsair 350D mATX 
Mouse
Sensei RAW 
CPUMotherboardGraphicsRAM
E6750 (G0 Core) Asus P5E Deluxe 2 x Sapphire Radeon 5830 2x2GB Gskill 
Hard DriveOptical DriveOSMonitor
60GB OCZ Vertex 2 Pioneer DVR-109 Windows 7 64Bit 22" Acer AL2216W 
PowerCaseMouse
Corsair TX750W Thermaltake Armor+ ESA Logitech MX Revolution 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [ZDnet] Safari/MacBook first to fall at Pwn2Own 2011