The ninth annual CanSecWest conference held, at the Mariott Renaissance Harbourside hotel in downtown Vancouver, British Columbia kicked off on March 26, offering a $10,000 reward for anyone hacking the new macbook air with an original zeroday attack. The Prize (put up by TippingPoint, the security division of networking giant 3Com) did not stand for long, being claimed within the first 2 minutes of the conference opening.
Well known security researcher Shane Macaulay claimed the prize, but it is believed Dino Dai Zovi was the real creater of the attack, and that he and Macaulay had some sort of deal over the competition entry. Dino Dai Zovi, has a strong track record with exposing flaws in Apple, Windows and other Networking software, having previously and somewhat famously exposed flaws in Safari and Quicktime.
While neither Shane Macaulay, Dino Dai Zovi made any statements about whether mac or pc were more secure (and both are users of both Macbooks and pc’s) they have previously been on record as saying that Mac are not as immune to attacks as many of their users may like to believe.
The 2 other note books, a sony vaio and a Fujitsu U810 were not successfully hacked during the expo and remained unclaimed.
A zero day attack is defined as an computer threat that tries to exploit unknown, undisclosed or unpatched vulnerabilities in a computer application.
The flaw in Safari, that was exploited during the expo was actually in the way QuickTime handles Java. This threatens everyone running the Mac OS X and may even expose pc users running Safari and quicktime. It is expected that a patch to protect users from this flaw will be released soon.