Latest in Challenge

Image credit:

John Gruber issues open challenge to MacBook Wi-Fi hackers

David Chartier
09.02.06
Share
Tweet
Share
Save

Sponsored Links

Oh it's on now: criticism of the MacBook Wi-Fi hack has been mounting against the original hackers (David Maynor and Jon Ellch) and SecureWorks, while they have remained mostly silent. At least one passionate blogger has been defending the hack and the original statements, but John Gruber has issued an open challenge for Maynor and Elich to prove this hack once and for all: "If you can hijack a brand-new MacBook out of the box, it's yours to keep."

From my understanding of the hack as it was originally explained and pseudo-demonstrated, Gruber's criteria and the actual nature of the challenge sound reasonable: he will meet Maynor and/or Elich at an agreed-upon Apple Store or Mac reseller, and he will purchase a brand new MacBook (but the true question is: traditional white, or $150-premium black? Update: he's already laid down a $1099 price; the base configuration). After taking the machine through a default setup with one administrator account, he will enable Wi-Fi (if it isn't turned on out of the box), but will refuse to join any open networks (since Mac OS X is designed to deny this by default, and the attack - understandably - can't be based on a user blindly joining just any open networks, especially one that might be created specifically by an attacking machine). John will then create a basic file on the desktop, with the default permissions assigned by Mac OS X (read/write by user, read-only by Group and the World).

Maynor and/or Elich are then free to attack, and if the file disappears from the desktop - they win a (very slightly used, recently attacked) MacBook. If the file stands its ground, the hackers owe John the price of the MacBook. If the dynamic duo manage to only crash the machine or the current login session, John will call the challenge a tie, whereas he will keep the MacBook, and the duo don't have to whip out their checkbooks.

I am admittedly no security expert, nor am I a 1337 h4x0r, but the challenge seems sound. Any readers who have been following this saga spot any holes? Feel free to sound off - and stay tuned: the challenge must be accepted by Friday, September 8th, and as John already deduced: the most likely outcome is that they'll only take the challenge if the know they can win.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
Apple may reveal its 16-inch MacBook Pro tomorrow

Apple may reveal its 16-inch MacBook Pro tomorrow

View
Federal judge rules suspicionless device searches at the border are illegal

Federal judge rules suspicionless device searches at the border are illegal

View
Elon Musk: Berlin 'gigafactory' will build Teslas starting with the Model Y

Elon Musk: Berlin 'gigafactory' will build Teslas starting with the Model Y

View
This 'O-29' hum is the sound of Ford's new hybrid SUVs

This 'O-29' hum is the sound of Ford's new hybrid SUVs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr