Tall Mike

As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up; laptops running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability.

During the first day, you can only attack the machine over the network, without physical access. On the second day, user interaction comes into play (visiting a website, opening an email). On the third and final day, third-party applications are added to the mix. Each machine had the same cash prize on its head.

As you all know, the Mac was hacked first, on day two. The user only had to visit a website, and the Mac was hacked. Vista got hacked on the third day using a security hole in Adobe’s Flash, and the Ubuntu machine did not get hacked at all.

when the hacking contest was on its second day. The second day consisted of stock configurations along with browsers and some mail applications. That’s when the MacBook Air laptop was hacked in in about 2 minutes utilizing a Safari vulnerability that Apple has now been notified of.

Technically it wasn’t really Microsoft’s fault that the machine was hacked since Adobe is the one who creates Flash. The MacBook Air vulnerability, on the other hand, was in the Safari browser which ships on all Apple computers.