Macs and the Pwn2Own contest
Posted by pcidss on March 28, 2008
To counter a post by someone I respect is hard, but given the subject I thought it best to throw in my hat. The recent CanSecWest conference has a contest where security experts are given monetary incentive to break into three separate systems – Linux, Vista, OS X. Now the rules are to use a non-published vulnerability. The MacBook air was the first one down, using an already published Safari bug. So, in my remote mind (and not actually at the conference) the hack was not pure or new.
Beyond general denial, I thought it important to point out that EVERYONE of the attackers (at least in the picture) are running Macbooks! So, while there may exist a vulnerability… if it is good enough for the Leet it should be good enough for the common people.
Just a thought…
JJD on Mac | Security Balance said
[...] few minutes after I posted about the Pwn2Own contest and its results (Mac Air Book compromised), JJD posted in his blog his point of view about Mac security. Well, even after reading his post I still keep with my [...]
Seth said
Where did you hear he used a published vulnerability? It would have to be a new bug to qualify and from the sound of it, there were others there with different findings that would have qualified even if that one had not (someone just demo’ed a QT 0day during a lightning talk I read), so I doubt they’d let a published bug win when it wasn’t allowed.