Focus on Apple
PWN to OWN at CanSecWest Mar 29 2007 12:45AM
mfossi securityfocus com (1 replies)
RE: PWN to OWN at CanSecWest Mar 29 2007 12:02PM
Don Rhodes (drhodes mail colgate edu) (1 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 04:31PM
Dave Schroeder (das doit wisc edu) (2 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 09:53PM
Dragos Ruiu (dr kyx net) (1 replies)
On Thursday 29 March 2007 08:31, Dave Schroeder wrote:
> Since this was very high profile and open to anyone on the internet
> as opposed to just one conference (and raised the ire of a lot of the
> people who think that any positive statement about Mac OS X makes you
> a "fanboy"), I doubt there are any *remote* exploits for stock Mac OS
> X systems. I'll acknowledge that there could be still-unknown,
> unpublished remote exploits for various services, but the real danger
> would come from a remote attack against a stock configuration, as-is,
> since that is how the vast majority of Mac OS X systems are configured.

We'll see :).

> I'll qualify that with this: they did say the rules would be
> "progressive", and I take that to mean that they'll perhaps be doing
> something like enabling more services or removing barriers as time
> goes on. Certainly there could be a vulnerability in a service that
> ships with Mac OS X. Personally, I have my eye on Bonjour, especially
> since mDNSResponder runs as root...

By "progressive" we mean:

First day you have to go in over ethernet or wifi.
On the first box default user compromise is enough. You'll
need privilege escalation and a root compromise for the second one.
The victory conditions are to scp a specific file on the disk using the
preshared key stored there to a server.

If they last to the second day... then the second day brings browser
bugs into scope. Safari will be set up to scrape a wiki page every
five minutes or so (and to follow a changeable link there).

The last day will bring in mail.app polls and three pane preview, and
allow physical connections to the boxes... this will probably be only USB,
as Firewire is TOO easy :).

We are not going to denature any security, and make this easier, but
we will expand the attack surface by bringing in typical user activities.

We'll try to post the detailed rules in the next two weeks.

cheers,
--dr

--
World Security Pros. Cutting Edge Training, Tools, and Techniques
Vancouver, Canada April 18-20 - 2007 http://cansecwest.com
pgpkey http://dragos.com/ kyxpgp

Re: PWN to OWN at CanSecWest Mar 29 2007 10:10PM
Dave Schroeder (das doit wisc edu)
Re: PWN to OWN at CanSecWest Mar 29 2007 09:40PM
matthew patton (pattonme yahoo com) (2 replies)
Re: PWN to OWN at CanSecWest Mar 30 2007 12:33PM
Jeramey Valley (ValleyJR mps k12 mi us)
Re: PWN to OWN at CanSecWest Mar 29 2007 10:49PM
Eric Hall (securityfocus darkart com) (1 replies)
Re: PWN to OWN at CanSecWest Mar 29 2007 10:00PM
John Smith (genericjohnsmith gmail com)


 
