By Robert McMillan
IDG News Service
Two well-known Mac hackers are updating a widely used hacking toolkit,
making it easier to take control of a Macintosh computer.
Over the past few days, the researchers have been quietly adding new
software to the Metasploit toolkit, used by security researchers and
criminals alike. Metasploit already supported Mac attacks, but until
recently the Mac code hadn't been as good as Metasploit's Windows and
Linux tools, said Dino Dai Zovi, an independent security researcher who
talked about the new tools with his collaborator Charlie Miller at the
CanSecWest conference Friday. "Our goal was to make Mac OS X a
first-class target for Metasploit."
Metasploit is an open-source toolkit that makes it easy for hackers to
launch a barrage of attacks against a computer system.
Miller and Dai Zovi earned fame in previous years for hacking Macintosh
computers at CanSecWest's annual Pwn2Own hacking contest. On Wednesday,
Miller, a researcher with Independent Security Evaluators, won US$5,000
and a Mac laptop by using a previously unknown Safari vulnerability to
hack into a Mac system.
The hack was done before contest organizers. In an interview, Miller
said he had hoped to demonstrate it before an audience at CanSecWest,
but was prevented from doing so because of Pwn2Own contest rules, which
prohibit public discussion of bugs exploited in the contest.
Best Selling Security Books and More!