Subscribe to
Computerworld Laptop, complete with Vista attack code, listed on eBay
Pre-hacked machine a violation of PWN to OWN rules? Ebay's? April 1's?
Active Comments
 The Security Zone
With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones
|
April 1, 2008 (IDG News Service) The winner of a recent hacking contest is offering the computer he broke into for sale on eBay, possibly with the Microsoft Vista attack code he used intact.
In a Monday listing, Shane Macaulay is selling the Fujitsu U810 laptop he won last Friday during the CanSecWest PWN 2 OWN contest. His listing claims that exploit code could probably still be extracted from the machine. Although he make no guarantees, he wrote, "My successfull [sic] exploitation of Vista SP1 remotely, is most likely still present."
"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like."
Starting bid? $0.01.
Macaulay, a researcher with the Security Objectives consultancy, claims that his Adobe Flash exploit will affect 90 percent of computers worldwide.
He was one of two hackers to claim laptops and cash prizes for penetrating systems during last week's contest. Organizers offered Vista, Mac OS, and Linux-based laptops for the taking, along with prizes that varied from $5,000 to $20,000, depending on the difficulty of the exploit. By Friday, however, only the Linux laptop remained unbreached.
Although he listed his laptop just hours before April 1, a date that is usually met with widespread Internet pranking, Macaulay said the listing is no joke. According to him, he's simply looking to see what an unpatched exploit might fetch in the open market."I figure this is a good way to see... [what] an exploit for something that only a limited amount of people know about, is worth," he said in an e-mail interview.
"The system was delivered to me as my prize. I'm free to use it as I see fit," he added.
One hacker who knows Macaulay said that the April 1 listing is "a bit coincidental," but that he may not be worried about forfeiting the $5,000 in prize money TippingPoint paid him for his hack. "He makes good money," said Marc Maiffret, an independent security researcher, in an instant message interview. "It's all just funny to him."
If he's not playing an April Fool's joke, Macaulay may be running afoul of both the PWN 2 OWN contest rules, which prohibit disclosure of bug information prior to a patch. He may also be violating eBay's user agreement, which say that users may not "distribute viruses or any other technologies that may harm eBay, or the interests or property of eBay users."
Macaulay had some funny answers when asked about these issues.
On the eBay terms of service problem, he said that he knew "some highups," at the company and was "confident, when I speak with eBay they will grant me a waiver."
And does TippingPoint know about what he's doing? "I believe at some level," he answered. "I'm sure things might change as the word percolates to the executives. Maybe I shouldn't have sold the [TippingPoint] bag with the laptop!!"
Reprinted with permission from
IDG.netStory copyright 2008 International Data Group. All rights reserved.
Today's Top Stories
Resource Alerts
Webcasts
Web Threats Don't Discriminate
The Secure Web Gateway. Mission Critical For Business
Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare
Editor's Picks
Clues point to Jan. 13 release of Windows 7 beta
Microsoft releases Vista SP2 beta
Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
IBM wants info from Apple execs in Papermaster case
License server glitch exposes SonicWall users to e-mail security threats
Report: Former AOL chief exec tries to raise funds to buy Yahoo
 Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.New baits 
|
|
 |
|
Patrick Thibodeau: Satellite images of U.S military bases Which is more important? Helping terrorists or protecting military bases? Answer: protecting Web 2.0 ... [more] |
|
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
|
||||||
|
