At the recent CanSecWest conference a security expert took on the challenge of the ‘pwn to own’ contest, whereby if you could hack a MacBook Pro, you could win it. ZDNet covered the story of Dino Dai Zovi creating a Zero-Day exploit that took advantage of a hole in Apple’s Safari browser. Dino created the webpage that Shane Macaulay browsed to. Macaulay won the MacBook, but Dai Zovi stands to win $10,000 for using a Zero-Day exploit to hack the Mac. [For those of you unfamiliar with the term 'Zero-Day' see the Wikipedia entry here].
So Apple have another hole to plug by the looks of it. This comes only days after the recent patch to OS X which fixed some 25 security bugs. I applied this patch to my 12″ PowerBook on Thursday and it failed to reboot! So much for the ‘it just works’ mantra of Mac OS X. However, after powering off and powering on the Mac it soon came back to life.
I quite like the idea of the ‘pwn to own’ concept. It sort of reminds me of old principles of land ownership. Although it is more akin to stealing cars. If you can break into the car then it’s yours, albeit not legally. This idea has been applied to certain online games whereby the victor in a PVP battle could then take an item from the defeated player. Such ideas have been seen to be unfair though. Judging by the number of times I’ve been defeated in Star Wars Galaxies though I’d have no items left!