Mac Hacker Wins $10,000

A security researcher won $10,000 for hacking a MacBook Air in just two minutes. Rubbing salt in the wound, he said Apple's operating system was the easiest of targets.

The competition, held at Vancouver security conference CanSecWest, challenged entrants to break into one of three laptops: a MacBook Air running the latest version of Macintosh's Operating System, a Fujitsu running the latest edition of Windows Vista, and a Sony Vaio running Ubuntu, an operating system based on the open-source Linux system. All three machines were protected with the latest security patches offered by the manufacturers.

Initially, the contest offered $20,000 to anyone who could carry out a zero-day attack; that's when hackers exploit a flaw in a program that hasn't yet been fixed by the makers. The rules also required the hacker to take control from another machine (via a network) without accessing the laptop. Only one person attempted this task, unsuccessfully.

Organizers then halved the prize money and allowed the hackers to pretend they'd tricked a user into visiting an infected website (for example, by including a bogus link in an email). They were allowed to go after any programme that comes ready installed with the operating system they chose.

The winner, a security adviser named Charlie Miller, took advantage of a flaw in the latest edition of Apple's Safari browser. Once his chosen website address was typed into the laptop, he had remote control of the machine within minutes.

The rules of the contest ban him from going into specific details about the way he hacked the MacBook (though organizers have informed Apple about the flaw). Miller says it only took about a week to find the flaw and work out a way to exploit it. He says a web browser is the easiest software to hack: "There's a million things it has to do. It has to handle images and video and audio and.... That's where the danger is these days." (Source: computerworld.com)

It's not a great surprise Miller won the contest; last summer he was among the first people to hack the iPhone. And yet, overall Miller thinks Apple's security is no worse than Microsoft's. In any case, his hack would have worked just the same on a Windows PC running Safari. (Source: newsfactor.com)

The contest is badly timed coming in the week Apple launched a major push to get Windows users to try the Safari browser. But regardless of the software you use, the main lesson is to take great care visiting links provided by sources you don't know or trust.