Monday, April 7, 2008

You hack it, you get to keep it.


"Three laptops, all patched. All in typical client configurations with typical user configurations. Each has a file on them and it contains the instructions and how to claim the prize.

The targets:

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2"


Show organizers called the contest PWN 2 OWN. Pwn (which rhymes with own) is a hacker term meaning to take control of a computer. The prize? US$20,000, plus you get to keep the laptop.

The catch? Contestants had to use a brand-new 'zero day' attack that nobody has seen before.

Day 1: By late Wednesday (March 26th), nobody had even tried to hack the three laptops. This wasn't exactly a surprise to the contest's organizers, because on day one attackers were only allowed to use network-based attacks that involved no user interaction. Those types of attacks are extremely rare these days.

There was a downside to waiting until Thursday, however. The prize money dropped by half each day. If nobody claimed the laptops by Friday, the prize would bottom out at $5,000 and organizers would start installing non-standard software on the machines to see if they could be compromised through programs such as Skype.

Day 2: At 12:38 pm local time, the team of Charlie Miller, Jake Honoroff, and Mark Daniel successfully compromised the Apple MacBook Air, winning the laptop and $10,000. They were able to exploit a brand new 0day vulnerability in Apple's Safari web browser.

Day 3: Shane Macaulay from Security Objectives won the Fujitsu U810 laptop running Vista Ultimate SP1, along with $5,000, after the latest version of Adobe Flash was installed on it. Only the Sony VAIO laptop running Ubuntu was left standing.

Both vulnerabilities have been acquired by the Zero Day Initiative and have been 'responsibly disclosed' to Apple and Adobe, which are now working on the issues.

Thanks to Stewart Meagher, Robert McMillan and Zero Day Initiative.



