Post Thumbnail

Charles Miller, a computer security researcher who's worked with the NSA, is planning to reveal 20 zero-day security holes in Mac OS X at CanSecWest, a digital security conference, in Vancouver BC next week. A zero-day security hole is a weakness in software that neither the makers of the software n...

5 years ago 0 Comments
Post Thumbnail

Say, Charles -- it's been awhile! But we're pleased as punch to see that you're back to your old ways, poking around within OS X's mainframe just looking for ways to remotely control the system, snag credit card data and download a few interoffice love letters that are carefully stashed 15 folders d...

5 years ago 0 Comments
Post Thumbnail

Ah, the wonders of CanSecWest. The famed security conference has delivered yet again in 2009, this time bringing to light two simple sniffing schemes that could be used to decipher typed text when keyloggers are just too noticeable. Gurus from Inverse Path were on hand to explain the approaches, o...

6 years ago 0 Comments
Post Thumbnail

Update: Thanks as well to everyone who pointed out that we got our sources mixed up! The article linked is the 2007 CanSecWest, and we apologize for the confusion. The winner of the 2009 competition was Charlie Miller (sorry Charlie), and you can read more about this year's competition here -- IE8 ...

6 years ago 0 Comments
Post Thumbnail

That didn't take long. One day into the Pwn2Own hacking competition at CanSecWest and already Apple, Microsoft, and Mozilla have been sent packing to their respective labs to work on security issues in their browsers. In a repeat performance, Charlie Miller pocketed a $5,000 cash prize and a fully...

6 years ago 0 Comments
Post Thumbnail

After a week full of Red Bulls, Fruit by the Foot and dreams of In-N-Out, the mighty Sony VAIO loaded with Linux stood as the only machine unhacked by the end of the PWN 2 OWN hacking contest at CanSecWest. As you're well aware by now, the MacBook Air on display was seized in two minutes by the pr...

7 years ago 0 Comments
Post Thumbnail

Once the second-day rules went into effect for the PWN2OWN competition, allowing browser or email exploits to be used, it didn't take more than a few minutes for Charlie Miller, Jake Honoroff and Mark Daniel from ISE to get their 0day vulnerability to work on the target MacBook Air; they walk away w...

7 years ago 0 Comments
Post Thumbnail

And just think -- last year you were singing Dino Dai Zovi's praises for taking control of a MacBook Pro in nine whole hours. This year, the PWN 2 OWN hacking competition at CanSecWest was over nearly as quickly as the second day started, as famed iPhone hacker Charlie Miller showed the MacBook Ai...

7 years ago 0 Comments
Post Thumbnail

If you fondly remember last year's CanSecWest hacking challenge -- won by researcher Dino Dai Zovi with a Java/QuickTime exploit that allowed him to take over the target MacBook Pro, thereby claiming it as his own -- you'll want to keep your ears open for results of the current challenge, now underw...

7 years ago 0 Comments
Post Thumbnail

Last year's PWN 2 OWN contest at the CanSecWest security conference went over way better than expected (read: exploits were glorified), so this year, organizers have spiced things up by letting hackers have their way with three separate machines. The Linux, OS X and Vista-based rigs were all setup a...

7 years ago 0 Comments
Post Thumbnail

Over at Daring Fireball John Gruber interviews Dino Dai Zovi, who won the CanSecWest security contest we mentioned last week by successfully exploiting a MacBook Pro through a flaw in QuickTime's implementation of Java. Dai Zovi explains the sort of thing he did (though obviously without giving deta...

8 years ago 0 Comments
Post Thumbnail

According to Matasano (home base for security researcher Dino Dai Zovi), the announced-but-unreleased web browser exploit that was used to win the CanSecWest MacBook Pro challenge involves browser support for Java. Turn off Java for Safari (or Firefox, or Camino) and your machine is immune. Let's ta...

8 years ago 0 Comments
Post Thumbnail

No sooner said... the first half of the CanSecWest MacBook Pro hack challenge has been won, with an exploit that uses a malicious webpage to gain a user-level shell via Safari. The second challenge, requiring root access on the target machine, has yet to be won (and requires the use of a different e...

8 years ago 0 Comments