Back to Mobile View

Skip to Content

TUAW Deals

Tag: CanSecWest

20 zero-day security holes in Mac OS X to be revealed

Charles Miller, a computer security researcher who's worked with the NSA, is planning to reveal 20 zero-day security holes in Mac OS X at CanSecWest, a digital security conference, in Vancouver BC next week. A zero-day security hole is a weakness in software that neither the makers of the software...

Continue Reading

There's a hole in Safari, dear Liza

Update: Thanks as well to everyone who pointed out that we got our sources mixed up! The article linked is the 2007 CanSecWest, and we apologize for the confusion. The winner of the 2009 competition was Charlie Miller (sorry Charlie), and you can read more about this year's competition here -- IE8...

Continue Reading

MacBook Air knocked out quickly in CanSecWest contest

Once the second-day rules went into effect for the PWN2OWN competition, allowing browser or email exploits to be used, it didn't take more than a few minutes for Charlie Miller, Jake Honoroff and Mark Daniel from ISE to get their 0day vulnerability to work on the target MacBook Air; they walk away...

Continue Reading

CanSecWest offers another Mac hacking challenge

If you fondly remember last year's CanSecWest hacking challenge -- won by researcher Dino Dai Zovi with a Java/QuickTime exploit that allowed him to take over the target MacBook Pro, thereby claiming it as his own -- you'll want to keep your ears open for results of the current challenge, now...

Continue Reading

Gruber interviews CanSecWest winner

Over at Daring Fireball John Gruber interviews Dino Dai Zovi, who won the CanSecWest security contest we mentioned last week by successfully exploiting a MacBook Pro through a flaw in QuickTime's implementation of Java. Dai Zovi explains the sort of thing he did (though obviously without giving...

Continue Reading

More on the CanSecWest exploit and Java

According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge involves browser support for Java. Turn off Java for Safari (or Firefox, or Camino) and your machine is immune. Let's...

Continue Reading

One Mac hack bounty claimed, one to go

No sooner said... the first half of the CanSecWest MacBook Pro hack challenge has been won, with an exploit that uses a malicious webpage to gain a user-level shell via Safari. The second challenge, requiring root access on the target machine, has yet to be won (and requires the use of a different...

Continue Reading

© 2014 AOL Inc. All Rights Reserved.