MacBook Air Hacked -- But It Was the Browser's Fault
By Jennifer LeClaire
March 28, 2008 10:56AM

Hacker Charlie Miller nets $10,000 and a laptop for hacking Apple, Inc.'s MacBook Air in two minutes. But analysts say it could just as well have been a Windows PC since Miller was using Apple's flawed Safari browser at the CanSecWest conference. Apple has been notified of the new, undisclosed vulnerability in Apple's Safari browser.
 


First he hacked Apple's iPhone. Now he's hacked Apple's MacBook Air. But some analysts are warning not to be quick to judge security based on Charlie Miller's work.

Miller, a researcher at Independent Security Evaluators, won $10,000 and a laptop Thursday at the CanSecWest security conference's Pwn 2 Own hacking contest. He did it by hacking the MacBook Air -- and it took him all of two minutes.

CanSecWest organizers offered a Sony Vaio, Fujitsu U810 and a MacBook as booty for hackers who could find a way to breach security and gain access to the contents of system files using a previously undisclosed zero-day attack. A zero-day attack is the exploitation of unpatched software vulnerabilities.

Picking on Apple

The first day of the contest, hackers were only allowed to hack into the computers over a network. No one was able to claim the prizes. On the second day, the rules changed. Contestants were allowed to use the machines to visit Web sites and open e-mail messages. The new rules were a game-changer for Miller, who almost immediately found a way in.

Miller is familiar with Apple's architecture. He is perhaps best known as one of the first researchers to hack Apple's iPhone. This time around, he hacked the MacBook Air by visiting a Web site with exploit code he created. That code allowed him to take control of the computer as onlookers enjoyed the show. Jake Honoroff and Mark Daniel were on the Miller team from Independent Security Evaluators.

"They were able to exploit a brand-new zero-day vulnerability in Apple's Safari Web browser. Coincidentally, Apple has just started to ship Safari to some Windows machines through its iTunes update service. The vulnerability has been acquired by the Zero-Day Initiative, and has been responsibly disclosed to Apple, who is now working on the issue," according to the TippingPoint DVLabs blog. TippingPoint sponsored the contest.

Until Apple releases a patch for this issue, TippingPoint said neither the company nor the contestants will offer additional information about the vulnerability. Apple could not immediately be reached for comment.

Missing the Security Point?

"Contest results like these are not indicative of how generally secure any of these devices or their respective browsers are," said Mike Haro, a senior security analyst at Sophos, referring to Windows Vista and Ubuntu machines that were also part of the contest. "Anyone looking to draw conclusions about the inherent security of Apple's MacBook Air based on this contest is missing the point."

The point is that browsers continue to be a major security issue. Browsers are the vector through which attackers lure victims to Web sites that contain malicious code. And the Safari browser is coming up with dangerous flaws lately -- for both Mac and Windows.

Indeed, the machine Miller hacked could just as easily have been a PC running Windows and Safari. Just this week, Argentinian hacker Juan Pablo Lopez Yacubian discovered two critical flaws in Apple's Safari 3.1 browser for Windows.
 

© Copyright 2000-2009 NewsFactor Network. All rights reserved.