Latest in Challenge

Image credit:

John Gruber issues open challenge to MacBook Wi-Fi hackers

David Chartier
September 2, 2006
Share
Tweet
Share

Sponsored Links

Oh it's on now: criticism of the MacBook Wi-Fi hack has been mounting against the original hackers (David Maynor and Jon Ellch) and SecureWorks, while they have remained mostly silent. At least one passionate blogger has been defending the hack and the original statements, but John Gruber has issued an open challenge for Maynor and Elich to prove this hack once and for all: "If you can hijack a brand-new MacBook out of the box, it's yours to keep."

From my understanding of the hack as it was originally explained and pseudo-demonstrated, Gruber's criteria and the actual nature of the challenge sound reasonable: he will meet Maynor and/or Elich at an agreed-upon Apple Store or Mac reseller, and he will purchase a brand new MacBook (but the true question is: traditional white, or $150-premium black? Update: he's already laid down a $1099 price; the base configuration). After taking the machine through a default setup with one administrator account, he will enable Wi-Fi (if it isn't turned on out of the box), but will refuse to join any open networks (since Mac OS X is designed to deny this by default, and the attack - understandably - can't be based on a user blindly joining just any open networks, especially one that might be created specifically by an attacking machine). John will then create a basic file on the desktop, with the default permissions assigned by Mac OS X (read/write by user, read-only by Group and the World).

Maynor and/or Elich are then free to attack, and if the file disappears from the desktop - they win a (very slightly used, recently attacked) MacBook. If the file stands its ground, the hackers owe John the price of the MacBook. If the dynamic duo manage to only crash the machine or the current login session, John will call the challenge a tie, whereas he will keep the MacBook, and the duo don't have to whip out their checkbooks.

I am admittedly no security expert, nor am I a 1337 h4x0r, but the challenge seems sound. Any readers who have been following this saga spot any holes? Feel free to sound off - and stay tuned: the challenge must be accepted by Friday, September 8th, and as John already deduced: the most likely outcome is that they'll only take the challenge if the know they can win.







All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share

Popular on Engadget

Presenting the Best of CES 2021 winners!

Presenting the Best of CES 2021 winners!

View
Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

Donald Trump pardons ex-Waymo, Uber engineer Anthony Levandowski

View
Synthetic cornea helped a legally blind man regain his sight

Synthetic cornea helped a legally blind man regain his sight

View
Korg teases Drumlogue, a hybrid analog / digital groovebox

Korg teases Drumlogue, a hybrid analog / digital groovebox

View
Paramount+ will replace CBS All Access on March 4th

Paramount+ will replace CBS All Access on March 4th

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr