Semi-Crappy IDG News Service Story on the CanSecWest Hack Contest

A lot of crap, not much more additional information in this story by Nancy Gohring:

Initially, contestants were invited to try to access one of two Macs through a wireless access point while the Macs had no programs running. No attackers managed to do so, and so conference organizers allowed participants to try to get in through the browser by sending URLs via e-mail. …

The URL opened a blank page but exposed a vulnerability in input handling in Safari, Comeau said.

My money is still on an exploit against “Open ‘Safe’ Files”, but it’s impossible to say from any of the descriptions thus far. Update: A good source says it’s not “Open ‘Safe’ Files”.

One reason Macs haven’t been much of a target for hackers is that there are fewer to attack, said Terri Forslof, manager of security response for TippingPoint. “It’s an incentive issue. The Mac is not as widely deployed of a platform as say Windows,” she said. In this case, the cash may have provided motivation.

I like the “as say Windows” part. As opposed to what other operating system other than Windows that has a larger user base than Mac OS X?

Also, Apple is “extremely litigious when people do find stuff,” noted Theo de Raadt, OpenBSD project leader and an attendee at the conference.

Yes, that’s right, find a bug in Mac OS X and Apple will sue you.

Friday, 20 April 2007