 |
 Stephen Withers turns his gaze on the world of Apple, with
detours into other aspects of IT and communications as they catch his
attention. |
Technology news and Jobs 
Our Blogs Core Dump Two out of three ain't bad
Our Blogs Core Dump Two out of three ain't bad | Two out of three ain't bad |
|
| by Stephen Withers | |
| Monday, 31 March 2008 | |
|
Page 2 of 3 The first computer to go was the MacBook Air, which was broken into via a Safari vulnerability. It's quite possible that the same flaw exists in the Windows version (we'll find out when Apple releases the patch), but if the winners had wanted the Fujitsu U810 rather than the Air, they would have needed to wait until the third day.Day two of the contest allowed attacks on applications installed by default, whereas third party software wasn't brought in until day three. So having identified a flaw in Safari, it made sense to exploit it on Mac OS X rather than Windows, especially as the cash prize halved each day. The second computer to be won was the Fujitsu U810 running Vista Ultimate SP1, thanks to a flaw in Adobe Flash uncovered by Shane Macaulay, Derek Callaway and Alexander Sotirov. (Macaulay helped Dino Dai Zovi to win last year's PWN2OWN contest.) As with the Safari vulnerability, the details have been reported to the vendor by the Zero Day Initiative (which is backed by contest sponsor TippingPoint). Since Flash runs on Mac OS X and Linux as well as Windows, the vulnerability could also apply to the other operating systems. Given that Vista and Ubuntu Linux were running on two very different pieces of hardware (the U810 is a palmtop with a 5.6in screen while the VAIO VGNTZ37CN is a slim and light notebook with a 11.1in screen), it's quite possible that Macaulay and company wanted the Fujitsu rather than the Sony. |
| < Next story in category | Previous story in the category > |
|---|
