http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/ Engadget Comments for Major smartphone platforms emerge unscathed from Pwn2Own http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:32AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
Bullshit. Put up or shut up.]]>Mar 25th 2009 11:55AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
It's supply and demand. Demand is high because it's popular, supply is low because it's secure. All that means Ca-Ching! If you've got an exploit.]]>Mar 25th 2009 12:07PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
So, I'm no math wiz but it appears that he could have had something and now he has NOTHING. Yeah, that worked in his favor.]]>Mar 25th 2009 12:09PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:12PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:37PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 2:56PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:34AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:40AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 1:21PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:35AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:44AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:55AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
Jailbreaking involves creating an unsecured OS image from your computer, and exploiting something in the way iTunes uploads the images to make the iPhone think it's the real OS. I don't know if they exploit something in the system that Apple use or if they actually do exploit a bug. Whatever they do, it doesn't mean jack to anybody walking around with an un-jailbroken iPhone. The exploit doesn't apply.]]>Mar 25th 2009 12:04PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
If I recall correctly, the contestants in the competition aren't really allowed to touch the computer they're hacking; they have to do it all remotely (except for navigating to a malicious site on the computer to-be-hacked).]]>Mar 25th 2009 12:10PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
http://www.engadget.com/2007/07/23/safari-exploit-gives-hackers-full-control-of-your-iphone/]]>Mar 25th 2009 12:12PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:15PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
You do realize nobody has ever been able to hack into an OS X Mac remotely, right? That's what the first day of the contest is for. Nobody could do it. Let's not be stupid about this, please. Social engineering is not "hacking". And I guess since mr. "I want $10k" doesn't feel like proving himself correct, there's no point in assuming anything about his alleged "hack" on the iPhone.]]>Mar 25th 2009 12:28PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
http://news.cnet.com/2100-1002_3-6046197.html

]]>Mar 25th 2009 12:39PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
"Participants were given local client access to the target computer and invited to try their luck."

LOCAL CLIENT ACCESS. Do you know what that means? It means that there was somebody sitting in front of the Mac, admin password in hand, waiting to click on a link in an email. Which is exactly what I said above. It's like this every year they run this contest, and every year, gaggles of morons like to spew bullshit about how the Mac was "hacked".

OS X is 8 years old, and in those 8 years, there hasn't been ONE virus, and nobody has EVER been able to hack a Mac remotely.

PERIOD.]]>Mar 25th 2009 12:47PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
http://forums.macrumors.com/showthread.php?t=186475]]>Mar 25th 2009 12:50PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 1:17PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
That link that you provided to the "remote hacking" attempt is hardly on the same level as a worm or trojan on a Windows machine. First of all, the guys running his firewall under DMZ (i.e., all of his ports are open to public access). His computer was running with root access, and the person who "hacked" the system was using iTunes and a torrent program to download TV shows? Keep in mind that remotely logging into a system by guessing a password is hardly hacking (especially when the fool left himself wide open for an attack).

I suppose the correct phrasing for Zak is that a Mac has never been remotely compromised through a malicious program (a.k.a. virus/trojan). You're on your own, though, if you run an open VNC and SSH server and make your root password "tits" or "god". Same as with any Unix-based system.]]>Mar 25th 2009 1:54PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
Who cares? It's still funny.]]>Mar 25th 2009 2:37PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
Local client access doesn't directly imply admin access. ]]>Mar 25th 2009 3:27PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
Jailbreaking involves creating an unsecured OS image from your computer, and exploiting something in the way iTunes uploads the images to make the iPhone think it's the real OS. I don't know if they exploit something in the system that Apple use or if they actually do exploit a bug. Whatever they do, it doesn't mean jack to anybody walking around with an un-jailbroken iPhone. The exploit doesn't apply."

Actually, iphones were jailbroken via a simple webpage in an earlier OS version (1.1.1 maybe?) due to a known safari .tif exploit ;) The guy who figured it out also patched the hole for apple after jailbreaking your phone for you.

http://www.tuaw.com/2007/10/29/confirmed-jailbreak-appsnapp-fixes-tiff-exploit-hole-in-iphone/]]>Mar 26th 2009 8:17AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/>Who cares? It's still funny.

Actually, it's funnier watching the veins in Zak's head bulge.]]>Mar 25th 2009 5:13PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
A very good point, sir.]]>Mar 25th 2009 7:09PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:44AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/

Are you serious? Pay up or you ain't telling?

I hope you paid a hefty amount and someone exploits your browser and gets your bank account number and takes it all away. ]]>Mar 25th 2009 11:45AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 11:53AMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:11PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:29PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:13PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 1:09PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 12:53PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/
http://blogs.zdnet.com/security/?p=2941

Hmm I wonder why this was not on the front page?]]>Mar 25th 2009 1:11PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 1:48PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/Mar 25th 2009 3:47PMhttp://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/http://www.engadget.com/2009/03/25/major-smartphone-platforms-emerge-unscathed-from-pwn2own/"Why Safari?
It’s really simple. Safari on the Mac is easier to exploit. The things that Windows do to make it harder (for an exploit to work), Macs don’t do. Hacking into Macs is so much easier. You don’t have to jump through hoops and deal with all the anti-exploit mitigations you’d find in Windows.

It’s more about the operating system than the (target) program. Firefox on Mac is pretty easy too. The underlying OS doesn’t have anti-exploit stuff built into it."
And perhaps:
"On a scale of 1-10, how impressive was the Nils’ sweep of exploiting all three main browsers?

I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows."

So yeah, that IS news (which wasn't reported here btw).
Cheers!]]>Mar 25th 2009 4:29PM