By Gregg Keizer
March 18, 2009
Charlie Miller, the security researcher who hacked a Mac in two minutes
last year at CanSecWest's PWN2OWN contest, improved his time today by
breaking into another Mac in under 10 seconds.
Miller, a principal analyst at Independent Security Evaluators LLC,
walked off with a $5,000 cash prize and the MacBook he hacked.
"I can't talk about the details of the vulnerability, but it was a Mac,
fully patched, with Safari, fully patched," said Miller Wednesday not
long after he had won the prize. "It probably took 5 or 10 seconds." He
confirmed that he had researched and written the exploit before he
arrived at the challenge.
The PWN2OWN rules stated that the researcher could provide a URL that
hosted his or her exploit, replicating the common hacker tactic of
enticing users to malicious sites where they are infected with malware.
"I gave them the link, they clicked on it, and that was it," said
Miller. "I did a few things to show that I had full control of the Mac."
Best Selling Security Books and More!