X

Flash flaw leads to Vista laptop's fall

The last day of the Pwn to Own contest at the CanSecWest conference saw a Windows Vista laptop taken down by a group of hackers who exploited a newly discovered flaw in Adobe's Flash.

Tom Krazit Former Staff writer, CNET News
Tom Krazit writes about the ever-expanding world of Google, as the most prominent company on the Internet defends its search juggernaut while expanding into nearly anything it thinks possible. He has previously written about Apple, the traditional PC industry, and chip companies. E-mail Tom.
Tom Krazit

It held out as long as possible, but a Windows Vista laptop fell to a determined bunch of hackers Friday evening at the Pwn to Own contest at CanSecWest.

Since it was the third day of the contest, which saw a MacBook Air get hacked on Thursday, the TippingPoint Zero Day Initiative relaxed the rules even further. On the first day of the contest, only the operating system could be targeted, but on the second day that was expanded to include standard applications. An undisclosed Safari flaw led to the MacBook Air's downfall.

TippingPoint's Aaron Portnoy, with Shane Macauley and Alexander Sotirov (left to right) take control of a Windows Vista laptop. TippingPoint

But on Friday, hackers could target any "popular" piece of application software that you might find on a system. The Fujitsu laptop, running Vista Ultimate, was compromised by a previously undiscovered flaw in Adobe's Flash software.

Shane Macaulay, Derek Callaway and Alexander Sotirov, were able to gain control of the laptop, which also means they get to keep it. However, since the rules had been relaxed, they only get $5,000; the MacBook Air winners collected $10,000.

The contest rules stipulated that any winner sign a nondisclosure agreement immediately after a successful hack, so that the nature of the flaw could be disclosed to the vendor. Once Adobe and Apple patch their flaws, the nature of the flaw will be disclosed.

A Sony Vaio laptop running Ubuntu remained unscathed at the end of the conference.