MacBook Air hacked in under two minutes

RightIsWrong

Diamond Member
Apr 29, 2005
5,649
0
0
That was easy.

Some guys are just way too smart for their own good. Others are too arrogant. ;)

If there's one thing Apple users love to taunt Windows users about, it's security. Mac owners giddily flaunt their lack of virus scanners and lack of worries in front of their PC comrades, whose machines look comparatively bloated with virus scanners, firewalls, and daily patch updates to fix the exploit du jour. Bad news for those Mac users, then, as a recent hacking competition showed that the new MacBook Air is able to be completely compromised in under two minutes.

The hacker in question, Charlie Miller, achieved this feat as part of a hacking competition called PWN 2 OWN. Miller hosted a malicious Web page privately, accessed it from the MacBook Air, and then, within two minutes, was able to take full control of the machine remotely and make it do his bidding.The culprit here is apparently an undiscovered flaw in the Mac Web browser Safari, which has shown to be somewhat lacking in the security department on both the iPhone and on Windows.

Charlie won $10,000 for his troubles, and he got to keep the laptop, but as part of the deal, he was also required to keep secret about the details of exploit, so hopefully there's little chance of it getting into the wild and taking over Macs around the world.

Still, we'd recommend steering clear of Safari -- and perhaps not being so smug.

Another story with background info on successful hackers
 

TwiceOver

Lifer
Dec 20, 2002
13,544
44
91
When answering questions while simultaneously typing at the keyboard, he would occasionally reach over to slap a plastic "Easy!" button from Staples

ROFL
 

ForumMaster

Diamond Member
Feb 24, 2005
7,792
1
0
you do have to remember one thing though: the hacking must be done on the computer with the defualt software. this means that this was done over safari. not saying that this is an excuse, but then safari is notoriously buggy.
 

Xavier434

Lifer
Oct 14, 2002
10,373
1
0
Originally posted by: ViviTheMage
Pcs are targeted more then Macs, which is why macs do not have to deal with as much security issues.

I support this theory as well. It's tough to assess how secure certain software is when the enemy rarely even has it in their sights.
 

effowe

Diamond Member
Nov 1, 2004
6,012
18
81
I don't see why they're making a big deal that it's a Macbook Air, this could have happened on any mac running safari. It could also possibly happen on a PC as safari just got released for windows as well.
 

sdifox

No Lifer
Sep 30, 2005
99,378
17,553
126
Like ViviTheMage said, it's not big enough of a target to bother hacking.
 

loup garou

Lifer
Feb 17, 2000
35,132
1
81
Originally posted by: effowe
I don't see why they're making a big deal that it's a Macbook Air, this could have happened on any mac running safari. It could also possibly happen on a PC as safari just got released for windows as well.
Because that was the particular Mac used in the contest.
 

Xavier434

Lifer
Oct 14, 2002
10,373
1
0
Originally posted by: loup garou
Originally posted by: effowe
I don't see why they're making a big deal that it's a Macbook Air, this could have happened on any mac running safari. It could also possibly happen on a PC as safari just got released for windows as well.
Because that was the particular Mac used in the contest.

And because the Macbook Air is the new hotness in the media spotlight. It doesn't need to make much sense as long as it draws attention. Besides, the article made it clear that it was Safari related.
 

TallBill

Lifer
Apr 29, 2001
46,017
62
91
Yes, while most computer nerds wouldn't use safari, a vast majority of mac owners probably don't even realize any difference in browsers. So yes, people use safari.
 

Xavier434

Lifer
Oct 14, 2002
10,373
1
0
Originally posted by: SoundTheSurrender
The user has to accept a certificate. It's not that impressive, the user has to be involved to get hacked.

Most hacks that cause issues are not impressive. They don't need to be. People click "yes", "accept", "ok", and any other random link they get all the time. It's all about what the software does (or doesn't do) to protect the stupid user that makes this sort of thing impressive.