MacBook Air First To Be Compromised In Hacking Contest
April 1, 2008
From SlashDot and Liminal states: A MacBook Air was the first laptop to fall in the CanSecWest hacking contest. The successful hijacking took place only two minutes into the second day of the competition, after the rules had been relaxed to allow the visiting of websites and opening of emails.
The TippingPoint blog reveals that the vulnerability was located within Safari, but they won’t release specific details until Apple has had a chance to correct the problem.
This is not a joke, despite what the posting date or the SlashDot commentary might otherwise suggest.
Notice that the laptop was “0wn3d” (compromised) once the contest rules had been relaxed to allow website surfing and the opening of email – two activities that comprise the majority of many internet users’ daily routine.
The moral of the story for most people? The laptop would not have fallen prey to this exploit if Firefox were used (properly-tweaked) in addition to a few-select Firefox plugins.
“Why of course it wouldn’t” you might say, as the exploit was based upon a vulnerability in Safara, not Firefox. In practical terms though, the developers of Firefox do a pretty good job of updating vulnerabilities when they’re discovered. I don’t think that Apple has the same reputation for dealing with known security problems, hence my endorsement of Firefox.
The moral of the story for people who don’t mind sacrificing some of the pretty, shiney pieces of the web in exchange for a more secure computer? Dial back the quantity and type of nifty-neato multimedia thingies that Firefox (or Safari for that matter) allows by default by using the aforementioned plugins and configuration options.
