Shane Macaulay strode into the conference hall at the CanSecWest conference on Friday afternoon, balancing a MacBook Pro on his palm and making a beeline for the table displaying two more of the silver laptops.The well-known security researcher had just spent the morning testing an exploit designed to take advantage of a vulnerability in Apple's Safari browser. He set down his MacBook, connected to the network and started up a web server from which he would host the attack. A conference staff member entered a URL into the Safari browser running on the target machines and, just like that, Macaulay took control of the machine and became the first winner of the CanSecWest conference's PWN to Own contest.
With the hack, Macaulay laid claim to one of two MacBook Pros offered up as a prize to the anyone who could compromise them. While the flaw required some user interaction, the conference organisers, as well as every security researcher interviewed for this article, ranked the vulnerability as a critical flaw and a real threat.
Source: theregister.co.uk
Tags: friday | Mac | macbook | safari | Technology | Advantage | afternoon | attack | balancing | became | Browser | conference | connected | designed | displaying | entered | EXPLOIT | Flaw | gets | Hall | host | laptops | making | member | Network | palm | Researcher | running | Security | Server | Spent | Staff | started | Survives | target | testing | vulnerability | well-known | Whacked | WINNER | CanSecWest | Macaulay | beeline | strode
No comments:
Post a Comment