Old Apr 20, 2007, 12:33 PM   #1
MacBytes
macrumors bot
 
Join Date: Jul 2003
Hack a Mac, get $10,000




Category: Mac OS X
Link: Hack a Mac, get $10,000
Description:: none

Posted on MacBytes.com
Approved by Mudbug
Old Apr 20, 2007, 12:42 PM   #2
gauchogolfer
macrumors 601
 
 
Join Date: Jan 2005
Location: American Riviera
From the article:

Quote:
CanSecWest organizers have set up the MacBooks with all security updates, but without additional security software or settings. Attendees are able to connect to the machines via the access point through Ethernet or Wi-Fi.
So, does this mean the firewall is turned on or off? It's normally on by default, but I'm not clear as to what they've done here.

I'm interested to see how this pans out.
__________________
Victoria Concordia Crescit
Old Apr 20, 2007, 12:53 PM   #3
SPUY767
macrumors 68000
 
 
Join Date: Jun 2003
Location: GA
I have a feeling that this will be a better competition than the last Hack my Mac competition which was BS. I mean, people aren't going to be throwing around 10G's lightly, unless of course it's an anti-marketing ploy by Microsoft to make it just hard enough that it takes long enough to get exposure, of course, in that case I would expect to see a side-by-side test with a Vista machine.
__________________
Yo' mama's so STUPID, she went to Bangkok to get a TIE Fighter.
Old Apr 20, 2007, 01:05 PM   #4
djstarrock
macrumors 6502a
 
 
Join Date: Nov 2006
Location: UK, Scotland, Glasgow
Quote:
Originally Posted by gauchogolfer View Post
From the article:



So, does this mean the firewall is turned on or off? It's normally on by default, but I'm not clear as to what they've done here.

I'm interested to see how this pans out.
The firewall isn't on by default; it never has been.
__________________
MacBook | 16GB iPhone 3G S⃣
Camera Gear: 30D | Tamron 17-50mm F/2.8 | Canon 55-250mm F/4.0-5.6 IS | 430EX II
My website
Old Apr 20, 2007, 01:11 PM   #5
gauchogolfer
macrumors 601
 
 
Join Date: Jan 2005
Location: American Riviera
Quote:
Originally Posted by djstarrock View Post
The firewall isn't on by default; it never has been.
Are you sure? When you go into Preferences and look at what ports are open by default, there are no boxes checked for anything. You have to manually set the Sharing preferences along with the Firewall ports to be open. At least this is how I remember setting up my machine at first.
__________________
Victoria Concordia Crescit
Old Apr 20, 2007, 01:20 PM   #6
aranhamo
macrumors regular
 
Join Date: Oct 2004
Quote:
Originally Posted by gauchogolfer View Post
Are you sure? When you go into Preferences and look at what ports are open by default, there are no boxes checked for anything. You have to manually set the Sharing preferences along with the Firewall ports to be open. At least this is how I remember setting up my machine at first.
The services are all turned off by default, but that's not the same thing as having the firewall turned on.
Old Apr 20, 2007, 01:51 PM   #7
mklos
macrumors 68000
 
 
Join Date: Dec 2002
Location: My house!
Quote:
Originally Posted by aranhamo View Post
The services are all turned off by default, but that's not the same thing as having the firewall turned on.
Exactly! The Firewall is its own separate tab in the sharing system preference and it's OFF by default.
__________________
2.66 GHz Quad-Core Mac Pro (Nehlem)
24" LED Cinema
Aluminum MacBook
2.0 GHz Core 2 Duo
16GB iPhone 3GS
Old Apr 20, 2007, 01:53 PM   #8
mklos
macrumors 68000
 
 
Join Date: Dec 2002
Location: My house!
I like how they show MacBook Pros in the pictures of the original article and say they have MacBooks set up.

And of course the story comes from Cnet, the most anti-Mac site out there!
__________________
2.66 GHz Quad-Core Mac Pro (Nehlem)
24" LED Cinema
Aluminum MacBook
2.0 GHz Core 2 Duo
16GB iPhone 3GS
Old Apr 20, 2007, 02:00 PM   #9
gauchogolfer
macrumors 601
 
 
Join Date: Jan 2005
Location: American Riviera
Quote:
Originally Posted by aranhamo View Post
The services are all turned off by default, but that's not the same thing as having the firewall turned on.
Fair enough. I guess it's been so long since I've installed OS X that I forgot how it came 'out of the box'.

Thanks.
__________________
Victoria Concordia Crescit
Old Apr 20, 2007, 02:07 PM   #10
Diatribe
macrumors 601
 
 
Join Date: Jan 2004
Location: Back in the motherland
Does anyone know whether the firewall is on by default in the Leopard beta? (If that doesn't break NDA)
__________________
Knowledge - fueled by curiosity
Mac Beginner's Guide | My Adium Xtras
Old Apr 20, 2007, 02:07 PM   #11
nagromme
macrumors G5
 
 
Join Date: May 2002
I always thought it was odd that the Firewall was off, since it seems harmless to have it on. But I know people with broadband already have a firewall in their router/modem anyway--protection that this contest doesn't seem to give the targets.

Note that a human expert sitting down and spending time hacking into one particular Mac is MUCH easier (assuming it's possible) than making malware that does so automatically and spreads itself across the Internet, Windows-style. It's a first step, though.
Old Apr 20, 2007, 02:15 PM   #12
johnee
macrumors 6502a
 
 
Join Date: Mar 2007
Location: well, i'm not from the UK, but people will like me more if I say I am.
This will be VERY interesting!

sorry folks, but I believe someone will do it. There's a reason Apple provides Security updates!
__________________
are you hypocritical?
"Jesus..said..sell all thou has,and give to the poor.. hardly shall they who have riches enter the kingdom of God"
i'm atheist
Old Apr 20, 2007, 02:17 PM   #13
SPUY767
macrumors 68000
 
 
Join Date: Jun 2003
Location: GA
Simple fact is, this hack only applies if you're using on the same network with the hacker considering how it's set up. The last Mac Hack BS was set up on a static IP without a firewall of any sort. Fact is, most ISPs don't let your computer receive anonymous packets anyway in order to prevent people from hosting a website or the like. In addition, most home networks are going to be behind 2 firewalls, the one in the DSL/Cable modem and the one in the router that they are likely using. So unless the hack takes a half hour or so, it's pretty much irrelevant because most of the time you're not going to be on a public network for all that long.
__________________
Yo' mama's so STUPID, she went to Bangkok to get a TIE Fighter.
Old Apr 20, 2007, 02:21 PM   #14
johnee
macrumors 6502a
 
 
Join Date: Mar 2007
Location: well, i'm not from the UK, but people will like me more if I say I am.
Quote:
Originally Posted by SPUY767 View Post
Simple fact is, this hack only applies if you're using on the same network with the hacker considering how it's set up. The last Mac Hack BS was set up on a static IP without a firewall of any sort. Fact is, most ISPs don't let your computer receive anonymous packets anyway in order to prevent people from hosting a website or the like. In addition, most home networks are going to be behind 2 firewalls, the one in the DSL/Cable modem and the one in the router that they are likely using. So unless the hack takes a half hour or so, it's pretty much irrelevant because most of the time you're not going to be on a public network for all that long.
You do make an excellent point. I think this competition is only open for 2 days, and it was announced in late March, so not sure if that's enough time, but we'll see!
__________________
are you hypocritical?
"Jesus..said..sell all thou has,and give to the poor.. hardly shall they who have riches enter the kingdom of God"
i'm atheist
Old Apr 20, 2007, 02:25 PM   #15
nagromme
macrumors G5
 
 
Join Date: May 2002
Regardless of whether any hacks would work in the REAL world or not, if they reveal some previously unknown bug that Apple can then fix, then the contest is good in my book! (And if nobody succeeds, that's cool in a different way.)

What exactly IS the timeframe? The only info I see online (which doesn't mention $10k) is:
http://cansecwest.com/post/2007-04-1...rt_Your_PWNing
Old Apr 20, 2007, 02:54 PM   #16
winmacguy
macrumors 68020
 
 
Join Date: Nov 2003
Location: New Zealand
Here is an update article

MacBooks survive day one in hacker jungle
VANCOUVER, BC Two tricked-out MacBook laptops have survived the first day of a 'PWN to OWN' contest that dared hackers to take control of default Mac OS X installations.
The contest started around midday Friday Thursday, the second day of the CanSecWest conference here and triggered interest from hackers in attendance but it was not immediately clear just how many attempts were being made to break into the machines.

Organizers say they have seen "some activity" on the network set up with the two new MacBooks a 17" and a 15" but details remained scarce when the day ended. According to a report, Tipping Point's Zero Day Initiative has added a $10,000 bounty to the first hacker who launches a successful attack with a new, yet-to-be-patched vulnerability.
http://blogs.zdnet.com/security/?p=173
__________________
With Windows iWork, with Apple iCreate
Old Apr 20, 2007, 02:55 PM   #17
johnee
macrumors 6502a
 
 
Join Date: Mar 2007
Location: well, i'm not from the UK, but people will like me more if I say I am.
Quote:
Originally Posted by nagromme View Post
Regardless of whether any hacks would work in the REAL world or not, if they reveal some previously unknown bug that Apple can then fix, then the contest is good in my book! (And if nobody succeeds, that's cool in a different way.)

What exactly IS the timeframe? The only info I see online (which doesn't mention $10k) is:
http://cansecwest.com/post/2007-04-1...rt_Your_PWNing
Yeah, that's where they announced the challenge, and I think the conf. was April 18 - 20, so today is the last day! There are two possibilities at the close of the challenge: no/little news of no successes or news all over the place of a success.
__________________
are you hypocritical?
"Jesus..said..sell all thou has,and give to the poor.. hardly shall they who have riches enter the kingdom of God"
i'm atheist
Old Apr 20, 2007, 03:34 PM   #18
winmacguy
macrumors 68020
 
 
Join Date: Nov 2003
Location: New Zealand
According to the second article, they are going to lower the barriers to hacking the Macs on the second day if no one makes any progress. Sounds kinda lame if you ask me.
__________________
With Windows iWork, with Apple iCreate
Old Apr 20, 2007, 03:55 PM   #19
nagromme
macrumors G5
 
 
Join Date: May 2002
They left these machines intentionally "vulnerable" in some ways, which is a good experiment to make.

But it would be a better experiment if they left ONE machine vulnerable like that, and made the other one more of a common REAL world scenario--with the full $20k as prize.

The second machine would not give hackers the help this contest gives them:

* Firewall off

* No router/modem/gateway

* Known IP address

* Access given freely to a local network connected to the target

* Both wired and wireless connections allowed

I'm not an expert, but it seems to me that it would be more realistic (outside of hotspots) to make one machine a target where you have to find the IP address on your own, then get through OS X's firewall and a router/gateway like any broadband user has. No access given to the LAN, and no wireless (because that would require an attacker to be nearby).
Old Apr 20, 2007, 04:05 PM   #20
mklos
macrumors 68000
 
 
Join Date: Dec 2002
Location: My house!
Quote:
Originally Posted by Diatribe View Post
Does anyone know whether the firewall is on by default in the Leopard beta? (If that doesn't break NDA)
In the Leopard beta that I have it's not enabled by default. Apple is not Microsoft and doesn't turn every possible option on by default. Apple believes in choice...
__________________
2.66 GHz Quad-Core Mac Pro (Nehlem)
24" LED Cinema
Aluminum MacBook
2.0 GHz Core 2 Duo
16GB iPhone 3GS
Old Apr 20, 2007, 04:06 PM   #21
Diatribe
macrumors 601
 
 
Join Date: Jan 2004
Location: Back in the motherland
Quote:
Originally Posted by mklos View Post
In the Leopard beta that I have it's not enabled by default. Apple is not Microsoft and doesn't turn every possible option on by default. Apple believes in choice...
The last sentence is the most ironic I have heard in a while.
__________________
Knowledge - fueled by curiosity
Mac Beginner's Guide | My Adium Xtras
Old Apr 20, 2007, 04:12 PM   #22
nagromme
macrumors G5
 
 
Join Date: May 2002
Quote:
Originally Posted by Diatribe View Post
The last sentence is the most ironic I have heard in a while.
I'll give you a MORE ironic one: "Microsoft believes in choice."
Old Apr 20, 2007, 04:59 PM   #23
nagromme
macrumors G5
 
 
Join Date: May 2002
This link explains how they are making the contest easier over time if nobody succeeds:

http://blogs.zdnet.com/security/?p=173

"On the second day, the barrier will be lowered a bit and the attackers will be allowed to put exploit code on a special wiki and launch drive-by exploits on the Mac's built-in Safari browser. If the machines survive this level, the attacker will be allowed to connect to over USB or Bluetooth."

We're on the second day now I think. If they withstand this, then tomorrow we get attacks that require someone to be physically in the same room as the machine. Then on Sunday, I assume icepicks will be allowed.

We can be pretty sure it's not just attendees whose expertise is being used in these attempts: with $10,000 at stake, you can be sure people are reaching out to hackers around the world for ideas. (I just hope they admit it's for a contest and share the prize!)

(Just imagine if they REALLY wanted to protect the file, and enabled OS X's File Vault.)
Old Apr 20, 2007, 05:23 PM   #24
ogee
macrumors 6502
 
Join Date: Nov 2006
Location: Earth.
Quote:
Originally Posted by SPUY767 View Post
So unless the hack takes a half hour or so, it's pretty much irrelevant because most of the time you're not going to be on a public network for all that long.
Bull.

There are a vast number of people who have DSL flat rate and remain constantly connected to the internet at home, and of course all the business users on the net.

I know of only one person who still uses dial up, (my sister who is on ISDN dial up).
Old Apr 20, 2007, 05:31 PM   #25
gauchogolfer
macrumors 601
 
 
Join Date: Jan 2005
Location: American Riviera
Quote:
Originally Posted by ogee View Post
Bull.

There are a vast number of people who have DSL flat rate and remain constantly connected to the internet at home, and of course all the business users on the net.

I know of only one person who still uses dial up, (my sister who is on ISDN dial up).
I think the key in that phrase was 'public network'. You are describing someone on a private network, where they are behind a router.
__________________
Victoria Concordia Crescit


 