{"id":908,"date":"2008-03-30T18:30:52","date_gmt":"2008-03-31T01:30:52","guid":{"rendered":"http:\/\/www.macnightowl.com\/?p=908"},"modified":"2008-03-31T09:13:49","modified_gmt":"2008-03-31T16:13:49","slug":"newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud","status":"publish","type":"post","link":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/","title":{"rendered":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud"},"content":{"rendered":"

If you take those published reports at face value, the vaunted security of the Mac OS is just an illusion. During the annual Pwn2Own hacking contest this past week, someone easily exploited a supposedly unknown vulnerability in Apple’s Safari on a MacBook Air within a mere two minutes, earning a ten thousand dollar paycheck for his efforts.<\/p>\n

Now, because of a nondisclosure agreement, we don’t know just what vulnerability was present in Safari that was handled so easily, but it sounds to me like a put up job. If you believe the claim, the security flaw was so blatant that it was easily discovered, and that’s extremely unlikely.<\/p>\n

Consider that, on the first day of the contest, nobody could attack any of the test computers, running the Mac OS, Windows Vista, and Ubuntu Linux, remotely. Thus the original $20,000 prize went unclaimed. On day number two, the terms were relaxed, so the participants could actually work directly on the computers to locate and exploit possible vulnerabilities.<\/p>\n

Now that severely lessens the seriousness of the flaws, because it means that you are granted direct access to the computer you’re going to infect. That severely lessens the danger. No direct access, no exploit, at least under the terms of this contest.<\/p>\n

Although he’s not talking, I really doubt that security researcher Charlie Miller had a sudden flash of inspiration from upon high to access a hostile site in Safari and win his ten grand. No way could that possibly happen in a mere two minutes except by a divine or paranormal event. Instead, it’s clear to me that he had previously investigated possible flaws in Mac OS X and had discovered a security leak he could exploit on the spot when the time arrived.<\/p>\n

So call it a good sense of timing.<\/p>\n

Story continued in this week’s Tech Night Owl Newsletter.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

If you take those published reports at face value, the vaunted security of the Mac OS is just an illusion. During the annual Pwn2Own hacking contest this past week, someone easily exploited a supposedly unknown vulnerability in Apple’s Safari on a MacBook Air within a mere two minutes, earning a ten thousand dollar paycheck for […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1600,2697,156,176,2902,25,7639,6262,5816,8015],"class_list":["post-908","post","type-post","status-publish","format-standard","hentry","category-news","tag-face-value","tag-good-sense","tag-mac-os-windows","tag-mac-os-x","tag-mac-security","tag-night-owl","tag-nondisclosure-agreement","tag-security-leak","tag-test-computers","tag-ubuntu"],"yoast_head":"\nNewsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl\" \/>\n<meta property=\"og:description\" content=\"If you take those published reports at face value, the vaunted security of the Mac OS is just an illusion. During the annual Pwn2Own hacking contest this past week, someone easily exploited a supposedly unknown vulnerability in Apple’s Safari on a MacBook Air within a mere two minutes, earning a ten thousand dollar paycheck for […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/\" \/>\n<meta property=\"og:site_name\" content=\"Gene Steinberg's Tech Night Owl\" \/>\n<meta property=\"article:published_time\" content=\"2008-03-31T01:30:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2008-03-31T16:13:49+00:00\" \/>\n<meta name=\"author\" content=\"Gene Steinberg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@technightowl\" \/>\n<meta name=\"twitter:site\" content=\"@technightowl\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Gene Steinberg\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/\"},\"author\":{\"name\":\"Gene Steinberg\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/#\\\/schema\\\/person\\\/0fe9df12a34fed15d45e05db1c205e2a\"},\"headline\":\"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud\",\"datePublished\":\"2008-03-31T01:30:52+00:00\",\"dateModified\":\"2008-03-31T16:13:49+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/\"},\"wordCount\":327,\"commentCount\":7,\"keywords\":[\"Face Value\",\"Good Sense\",\"Mac Os Windows\",\"Mac Os X\",\"Mac Security\",\"Night Owl\",\"Nondisclosure Agreement\",\"Security Leak\",\"Test Computers\",\"Ubuntu\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/\",\"url\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/\",\"name\":\"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/#website\"},\"datePublished\":\"2008-03-31T01:30:52+00:00\",\"dateModified\":\"2008-03-31T16:13:49+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/#\\\/schema\\\/person\\\/0fe9df12a34fed15d45e05db1c205e2a\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/2008\\\/03\\\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/\",\"name\":\"Gene Steinberg's Mac Radio Tech Blog\",\"description\":\"Tech Commentaries From Best-Selllng Author Gene Steinberg\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.technightowl.live\\\/blog\\\/#\\\/schema\\\/person\\\/0fe9df12a34fed15d45e05db1c205e2a\",\"name\":\"Gene Steinberg\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r\",\"caption\":\"Gene Steinberg\"},\"sameAs\":[\"https:\\\/\\\/www.technightowl.live\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/","og_locale":"en_US","og_type":"article","og_title":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl","og_description":"If you take those published reports at face value, the vaunted security of the Mac OS is just an illusion. During the annual Pwn2Own hacking contest this past week, someone easily exploited a supposedly unknown vulnerability in Apple’s Safari on a MacBook Air within a mere two minutes, earning a ten thousand dollar paycheck for […]","og_url":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/","og_site_name":"Gene Steinberg's Tech Night Owl","article_published_time":"2008-03-31T01:30:52+00:00","article_modified_time":"2008-03-31T16:13:49+00:00","author":"Gene Steinberg","twitter_card":"summary_large_image","twitter_creator":"@technightowl","twitter_site":"@technightowl","twitter_misc":{"Written by":"Gene Steinberg","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/#article","isPartOf":{"@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/"},"author":{"name":"Gene Steinberg","@id":"https:\/\/www.technightowl.live\/blog\/#\/schema\/person\/0fe9df12a34fed15d45e05db1c205e2a"},"headline":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud","datePublished":"2008-03-31T01:30:52+00:00","dateModified":"2008-03-31T16:13:49+00:00","mainEntityOfPage":{"@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/"},"wordCount":327,"commentCount":7,"keywords":["Face Value","Good Sense","Mac Os Windows","Mac Os X","Mac Security","Night Owl","Nondisclosure Agreement","Security Leak","Test Computers","Ubuntu"],"articleSection":["News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/","url":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/","name":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud - Gene Steinberg's Tech Night Owl","isPartOf":{"@id":"https:\/\/www.technightowl.live\/blog\/#website"},"datePublished":"2008-03-31T01:30:52+00:00","dateModified":"2008-03-31T16:13:49+00:00","author":{"@id":"https:\/\/www.technightowl.live\/blog\/#\/schema\/person\/0fe9df12a34fed15d45e05db1c205e2a"},"breadcrumb":{"@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.technightowl.live\/blog\/2008\/03\/newsletter-435-preview-the-night-owl-examines-the-great-mac-security-fraud\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.technightowl.live\/blog\/"},{"@type":"ListItem","position":2,"name":"Newsletter #435 Preview: The Night Owl Examines the Great Mac Security Fraud"}]},{"@type":"WebSite","@id":"https:\/\/www.technightowl.live\/blog\/#website","url":"https:\/\/www.technightowl.live\/blog\/","name":"Gene Steinberg's Mac Radio Tech Blog","description":"Tech Commentaries From Best-Selllng Author Gene Steinberg","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.technightowl.live\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.technightowl.live\/blog\/#\/schema\/person\/0fe9df12a34fed15d45e05db1c205e2a","name":"Gene Steinberg","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r","url":"https:\/\/secure.gravatar.com\/avatar\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24fa8d75c69c3030b03da85850df6d736f514f8393b61cc4ac158168b192df2e?s=96&r=r","caption":"Gene Steinberg"},"sameAs":["https:\/\/www.technightowl.live"]}]}},"_links":{"self":[{"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/posts\/908","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/comments?post=908"}],"version-history":[{"count":0,"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/posts\/908\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/media?parent=908"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/categories?post=908"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.technightowl.live\/blog\/wp-json\/wp\/v2\/tags?post=908"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}