Apple Presents: Gone In 120 Seconds

Security researcher Charlie Miller attended the CanSecWest Pwn2Own hacker challenge hoping to make a little money, I'm sure. But I doubt even he had any idea that he could compromise a MacBook Air laptop in two minutes flat and collect a $10,000 prize. Maybe Apple should stop using the picture of the fruit as a logo, and go with an "Easy Button" instead.

The contest, which pits security researchers against three fully patched computers—VAIO VGN-TZ37CN running Ubuntu 7.10, Fujitsu U810 running Windows Vista Ultimate SP1 and MacBook Air running OSX 10.5.2—began on Mar. 26, but after the first day, there were no attempts to use a remotely exploitable pre-auth vulnerability to claim a $20,000 prize.

On the second day, when the attack surfaces were increased to allow exploitation of default installed client-side applications (following a link through e-mail, vendor-supplied IM client or visiting a malicious Web site),  Miller pounced early and claimed the $10,000 prize.

I wonder if Steve Jobs makes $5,000 a minute? He seems pretty bright. Maybe Steve could make it over to CanSecWest today and compromise one of the Windows Vista or the Linux Ubuntu machines and make a little money. They're still uncracked.

Tags:  Apple, App, Pre, DS, eco, SEC, SEN, One, pple, appl, AP
Via:  eWeek
Show comments blog comments powered by Disqus