The "hackers" would get the machine they hacked, so is it any wonder that the guy went after the MacBook Air??
IF the machines are roughly worth the same amount of money, then it does not matter one bit.
What do we know:
3) All of the computers were completely pwned by the end of the competition.
IIRC, the Linux-machine was not exploited.
What we don't know:
1) How any of the computers were hacked.
We have the rough idea, but not the details.
2) In what way the rules were relaxed before the Mac was hacked.
Um, yes we do.
3) Whether the Mac is vulnerable to the security issues that took down the Vista machine and the Ubuntu machine.
Like I said, Ubuntu-machine was still standing at the end of the competition.
This doesn't show that the Mac was the weakest link. As one contributor said
everything was prepared
Yes, the attacks on the OS X-machine were prepared. But so were the attacks on Vista and Linux.
and I'm sure the guys were pros who came in with security attacks.
And so are the black-hat hackers.
I think it's most likely a Webkit flaw and is likely related to the new features that Apple recently added (which if you remember, also made Safari by far the fastest browser out there).
It seems that they also made Safari the fastest browser to be 0wned.... I would rather have a slightly slower but secure browser, as opposed to a speed-demon that is insecure.
I'm yet to see a Mac hacked without the rules of the competition being relaxed.
So?
Also, how can we prove that Apple's slow to respond to exposed vulnerabilities? Seems like they've had less than 12 hours to fix this one
The piece of news about Apple being slow at fixing holes was not directly related to this hacking-competition.
hypothetical
but is it a real concern if my computer can be hacked
IF I run some malicious code and enter my root password (assuming the root user is enabled), while some dodgy looking guy with a hacking program on his UNIX box has his machine plugged into mine using a USB cable, an Ethernet cable and a FireWire cable. I'll then give him 2 days to keep doing his work, and perform weird things on my computer when he tells me to do them (including installing weird .kexts and other 3rd party software that I would usually never delve with).
If that leads to my computer being hacked, then does Apple really need to fix the "bug"?
Strawman-argument. In this case, all it took for the Mac to be exploited, was for the user to visit a website.
You're playing with semantics.
No I'm not. Physical access means that the hacker has.... physical access to the machine. That is, he can plug devices in to it, he can reach the power-button etc. etc. THAT is "physical access". Simply creating a website that will "0wn" the computer is NOT the same as "physical access". And that's what happened here.
When I say the hackers were given access, I mean they were allowed to direct user activity going on for the given machine.
And that's how many real-life exploits take place. You get an email from your friend that says "check this cool video!", you click on the link.... and your machine gets exploited.
There's an old rule about computer security which states that as soon as someone has access to the machine, nothing is secure anymore.
I'm well aware of that rule. And that rule is about the hacker standing right next to the computer! It's about hackers who can pull the power cord or plug in extra devices to the machine. And none of that applies here.
How exactly could you stop a denial of service-attack if the hacker is standing next to the machine with a sledgehammer? You don't.
When the contest allowed the contestants to direct specific actions on the machine, that was giving them access, regardless of whether it was their fingers doing it.
What they were allowed to do was to send mail to the machine and ask the user to go to some website, that's all. That does NOT equal "physical access" no matter how much you try to spin it.
And once you can control what's happening on the machine, you're open to all kinds of crazy stuff.
Their control was limited to sending email and asking the user to go to a website, that's all.
It basically becomes a Trojan horse at that point, getting the user to launch something or click something that carries a payload. Any platform is vulnerable to that. I just don't get the point.
But that's not what happened here. The hacker created a malicious website and asked the user to visit it. When he did, his machine was exploited. He did NOT launch some strange installation-packages or something. He launched Safari and visited a website.
According to MacWorld, ONLY the Macs were attacked first. Only after the Mac was exploited did anyone attack the PCs. Apparently, no one wanted the PC or Linux prizes?
Anyway, that fact alone makes the "Mac Hacked First" headline completely phony.
The correct title should be "Hackers Love to Win Macs First over PCs!"
That's ********. ALL machines were attacked right from the start. I think you are confused by this part of the article:
The MacBook was the only system to be hacked by Thursday, however, the word on the show floor is that the Linux and Vista systems will meet with some serious challenges on Friday.
That simply means that only the Mac was exploited by Thursday, while Vista and Ubuntu were still unexploited.
EDIT: it should also be noted that OS X was first to be hacked in last year's contest as well.
Not ............................ It is still MUCH easier to hack the Vista OS as an OS than it is to hack the Unix OS X as an OS. If it weren't for this one incident, OS X would likely be sitting side-by-side with its sibling Linux. This ought to be a good incentive, however, for Apple to step-up production of security patches for apps which run on OS X.
Just because some OS is "UNIX" does not mean that it's bulletproof. And not all UNIXes are just as secure. It's widely accepted that OpenBSD is the most secure OS out there (excluding some really niche OSes), with maybe Solaris being second.
It's dumb in the extreme to think that "This is UNIX, therefore it has excellent security". Being (or not being) UNIX says very little about the security of the OS.