Filed under: Security
$10,000 Mac hack bounty not yet claimed
Update: One of the two targets has been compromised.How do you spice up a security conference in lovely Vancouver, BC with a sense of risk, reward and fun? If you're the organizers of CanSecWest, you offer a prize to anyone who can work an exploit on two MacBook Pro machines; said prize, originally just the laptops themselves, is now a cool $10,000 thanks to sponsor & security appliance vendor TippingPoint. Both machines are freshly patched with Thursday's security updates.
As of earlier today, ZDnet blogger Ryan Naraine reports that nobody has claimed the bounty, and conference organizers have moved to the scheduled phase II plan; challengers, who originally had to attack the machine remotely over the network, now may send URLs to the judges and have them opened in Safari. Happy hunting!
graphic: Sebastiaan de With
[via MacDailyNews]
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 1)
Daniel said 5:35PM on 4-20-2007
So take that Mr. Gates!
http://www.tuaw.com/2007/02/02/bill-gates-security-guys-break-the-mac-every-single-day/
Reply
Alex said 6:22PM on 4-20-2007
Whoops! Looks cracked now:
http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
Reply
matt said 6:22PM on 4-20-2007
oops, make that $10,000 claimed.
http://www.matasano.com/log/806/hot-off-the-matasano-sms-queue-cansec-macbook-challenge-won/
Reply
derek said 6:50PM on 4-20-2007
that "crack" is not a crack, just a malicious web page
Reply
matt said 6:54PM on 4-20-2007
just a malicious web page? you've got to be kidding. a crack is a crack. i'm sure you'll agree the first time you get rooted by some mere malicious web page.
Reply
ant said 6:58PM on 4-20-2007
@4:
"clientside exploit to bind a remotely-accessible shell on the fully-patched"
Hmm remoteley accessible shelll. id say thats pretty vulnerable assuming hes got admin level rights which i assume he does givent that was part of the parmaters of the contest.
The question i have is was this an exploit that requires Safari to open known files upon download or something that cant be circumvented by a simple preference change.
Reply