Saturday, March 29, 2008
Security: MacBook Air Hacked In Minutes
Mac OS X's reputation for security was tarnished Thursday when a team of researchers from Independent Security Evaluators (ISE) managed to hack a MacBook Air in two minutes using a zero-day vulnerability in Apple's Safari 3.1 Web browser.
The ISE security researchers -- Charlie Miller, Jake Honoroff, and Mark Daniel -- were participating in the "PWN to OWN" competition at the CanSecWest security conference, which began Wednesday in Vancouver, British Columbia.
"Pwn" is computer gaming slang for "own," as in conquer. The "p" typo serves to heighten the humiliation of defeat by emphasizing that the loss came at the hands of a youth who can't even spell or type correctly. The term has also come to be used in security circles.
Contest participants had their choice of trying to hack an Apple MacBook Air running OS X 10.5.2, a Sony Vaio VGN-TZ37CN running Ubuntu 7.10, or a Fujitsu U810 running Vista Ultimate SP1. During the first day, when attacks were limited to network attacks on the operating system, no one managed to compromise any of the systems.
That changed Thursday when attacks on default client-side applications -- Web browser, e-mail, IM -- were allowed. The ISE team won $10,000 from security firm TippingPoint Technologies for compromising the MacBook Air.
The undisclosed vulnerability in Safari 3.1 has been shown to Apple and no further information about it will be revealed until Apple can issue an update, TippingPoint said.
In a blog post on Friday, TippingPoint said, "[S]ince the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope of the targets beyond just default installed applications on those laptops; any popular third-party application (as deemed 'popular' by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise."
MacBook Air, the easiest one of the three
That's right; Mac OS is the easiest to hack, according to Charlie Miller, an analyst at ISE (Independent Security Evaluators). Charlie not only proved it by hacking the MacBook running OS X 10.5.2 in less than two minutes, but also won $10k and a new laptop.
Sponsors had put up three laptops with different operating systems, each patched with the latest updates. They were made available to anyone who could hack into the system. The three-day hacking contest was held at the CanSecWest conference, Marriott Renaissance, Vancouver, British Columbia. A USD 20k cash prize would have been paid to successful applicants on day one, USD 10k on day two and USD 5k on the last day.
No one was successful on the first day, but on the second day Charlie Miller breached the MacBook's OS in less than two minutes. Miller did not share the vulnerability, as he was bound by the nondisclosure agreement. He did, however, point to a bug in the Safari 3.1 browser.
Macaulay, the co-winner of last year's hacking contest, was able to breach the Vista operating system running Service Pack 1. It took him two days, but he finally succeeded in hacking into Vista on the last day.
Overall there were three winners: Charlie, who hacked the MacBook; Macaulay, who breached Vista; and the Linux operating system Ubuntu 7.10, installed on one of the systems, which remained unconquered.
3G iPhone, predictions "too conservative"
Further fueling talk of a 3G-capable iPhone this spring, a research note from Bank of America claims knowledge of next-generation Apple handset production beginning in May, and warns that past sales predictions have been timid.
In his message to investors, financial analyst Scott Craig points to channel investigations which show an iPhone capable of faster, third-generation cellular Internet access produced in small numbers in May, with a larger number surfacing in June as Apple prepares a formal rollout for the new device.
"This likely implies a launch announcement in [the second calendar quarter]," Craig says.
Apple is also likely to significantly increase its iPhone production compared to its most recent full quarter. While iPhone production during the holidays totaled 2.3 million, the Bank of America researcher estimates about three million 2G and 3G iPhones made during the spring quarter and a much larger eight or more million during the summer. Each additional million units sold could add about $400 million to Apple's bottom line, Craig notes.
Simultaneous reports on Friday supported the analyst's statements, with the Taiwanese Commercial Times paper alleging that bidding is underway for 3G iPhone manufacturing while Dow Jones ventured so far as to claim that Hon Hai had already won a contract for production of an advanced model.
The investigations of the supply chain have been enough to warrant a significant rethink of longer-term predictions for 2008. As Apple may now produce the same eight million iPhones in one quarter that analysts have been predicting for the entire year, previous estimates are now "starting to look too conservative," according to Craig.
The expert maintained existing forecasts for the rest of Apple's lineup. iPod shipments are estimated to drop by several percentage points year over year for the first quarter, dipping below 10 million units, while a combination of the MacBook Air and refreshes to existing portables is tagged as a likely upside for computer sales.
3G iPhone Update; Rumors Of 10 Million Orders May Not Be True
Taiwan's Hon Hai Precision, which also goes by the name of Foxconn, has secured an exclusive contract with Apple (NSDQ: AAPL) to assemble a new iPhone, an unnamed person familiar with the situation told Dow Jones Newswires today. The report comes a couple days after a Gartner analyst had reportedly heard that Apple had placed an order for 10 million 3G iPhones, but coincidentally, reports today are now saying those statements were misunderstood.
Dow Jones (NYSE: NWS) reported that a Hon Hai official, who declined to be named, told them that the company was in talks with Apple for the supply of a "more advanced version" of the current iPhone, but provided no further details. The more advanced version of the iPhone is likely one that comes with the faster 3G chip inside, which some analysts speculate could come out as early as May.
This week, the iPod Observer reported that Gartner analyst Ken Dulaney heard Apple may have ordered 10 million iPhones that support 3G networks. InfoWorld reported today that the comments were misinterpreted, Dulaney's boss, Bob Hafner, said. To clarify, Hafner said they do believe the next version of the phone will be 3G, but "we have not got confirmation that an order had been placed."
Dell Introduces Sub-$1000 Blu-ray Laptop
Noting the changing environment of the technology market, Dell has announced that it has added a Blu-ray drive (with reading capability for Blu-ray Discs, and read/write capability for DVDs and CDs) to its award-winning Inspiron line of laptops. More impressive, the Inspiron 1525 with Blu-ray drive will set consumers back a mere $879. The computer features a 15.4" 720p screen and HDMI output.
Blu-ray disc decoding will be accomplished via a dedicated Broadcom decoder located in the laptop's mini-card slot. And for those consumers who want to watch Blu-ray movies on the go, Dell has available a slim travel power adapter and IR remote control for quick access to Blu-ray menus.
These laptops are available today directly from Dell's website, and come in a variety of colors and configurations to match any Blu-ray fan's needs.
Comcast's P2P Conversion
Comcast announced a deal yesterday with BitTorrent Inc., in which the cable giant agreed to stop throttling the performance of heavy P2P users during peak times, and instead pledged to invest in the bandwidth and technologies to be able to handle that traffic. After months of accusations, denials and foot stomping on the part of users, cable giant Comcast and the peer-to-peer file sharing company BitTorrent have reached an agreement that supports file exchanges on the Comcast broadband network.
The issue surfaced last summer when Comcast subscribers began to notice a degradation in their BitTorrent uploads. Further investigations by individuals were later confirmed by the Associated Press: Comcast was sending out signals to disrupt the uploads of BitTorrent transfers.
The controversy expanded as Lotus Notes users realized they were also being throttled back, and other Internet service providers (ISPs) admitted that they too throttled excessive traffic use. The FCC even held hearings, and Comcast became the whipping boy among net neutrality advocates.
Behind the scenes, the two companies worked out the issues facing them, resulting in today's announcement. Instead of picking on specific applications, Comcast will focus on which users are being particular bandwidth hogs during peak usage hours.
It is expected that may well be true—somewhere down the line. For now, it’s pretty clear that this conversion is more about solving a nasty PR problem, than in truly working with P2P providers to better handle the rising tide of online video traffic. Clearly, Comcast needs to calm down critics—including at the FCC—who’ve had a field day since the Associated Press revealed last Fall that Comcast was throttling the bandwidth to heavy P2P users during peak times. And BitTorrent was the most convenient partner through which to make such a move. “Comcast has been caught with its hand in the cookie jar, and they’re trying to quickly close the book on the issue,” says Gilles BianRosa, CEO of P2P rival Vuze Inc., which filed a complaint with the FCC last year seeking new rules on how ISPs can manage traffic over their networks. “Just putting out a press release doesn’t push the envelope too much.” Om Malik was similarly suspicious. And FCC chairman Kevin Martin says he’s watching to make sure words are followed by action.