Sunday, March 22, 2009

Safari hole exploited in seconds at security conference

Read this on CNET the other day: Safari hole exploited in seconds at security conference.

This fellow, Charlie Miller, hacked a new, fully patched MacBook at the CanSecWest security conference called "Pwn2Own," which is hacker slang for gaining control of a computer. The contest was held in Vancouver.

Took him 10 seconds this year. Last year he did it under 2 minutes. So much for improved Apple security I guess. Actually it was a browser (Safari) exploit.

He can't tell us how he did it under the rules but he told Apple beforehand. He is quoted as saying they were happy to learn about the exploit. Somehow I am a little doubtful about how gleeful they were.

I think he won the computer, too.

Apple wasn't lonely for long though because later another guy hacked a Sony Vaio using exploits he had discovered in IE8, Safari, and Firefox. He won $15,000 and the computer.

I have IE8 installed by the way. It is good. I particularly like the scrolling and the speed. However, it did lock up once. My Firefox does that regularly though.


Lori1955 said...

It kind of scary how vulnerable we are. I doubt there will ever be security that someone can't crack.

~Betsy said...

All I can say is Wow.

rilera said...

As long as there is software someone will always try to break into it.

My firefox locks up all the time too but IE takes so long to start up!