Mac “hacked” at security con - well, sort of!
A zero day flaw has been found in Apple’s
Safari web browser. Whoop-de-doo!
The net was abuzz over the weekend with news that a zero day
flaw had been found in Apple’s Safari web browser. The flaw was discovered
as part of the CanSecWest conference whose organizers offered a simple
challenge: successfully hack a Macbook and win it as a
prize.
However, one thing that seems to have been overlooked in most of the coverage is that the organizers had to change the contest rules in order for the Macbook to be successfully hacked.
The original rules said that the attack must required no action on the part of the user. After security firm Tipping Point offered to throw in a $10,000 bounty, the rules were changed so that exploits could include malicious websites and other user-initiated actions.
In fact, the “hack” required opening Safari on the Mac, entering a url and navigating to a “website” which was created a few minutes earlier just to attack this machine.
There is no patch for stupidity. Or intellectual dishonesty.
However, one thing that seems to have been overlooked in most of the coverage is that the organizers had to change the contest rules in order for the Macbook to be successfully hacked.
The original rules said that the attack must required no action on the part of the user. After security firm Tipping Point offered to throw in a $10,000 bounty, the rules were changed so that exploits could include malicious websites and other user-initiated actions.
In fact, the “hack” required opening Safari on the Mac, entering a url and navigating to a “website” which was created a few minutes earlier just to attack this machine.
There is no patch for stupidity. Or intellectual dishonesty.
Posted: Mon - April 23, 2007 at 09:56 AM