EBay yanks sale of laptop with Vista attack code
Shane Macaulay's attempt
to sell a hacked laptop complete with Windows Vista attack code did not
last long.
EBay pulled the listing within hours of its appearance Monday, saying that
it could have harmed users. "You can't sell anything that would do harm,"
said a spokeswoman for eBay's public relations agency.
The company removed the listing between 11 p.m. Monday and 12:30 a.m. Tuesday,
Pacific Time, after eBay employees noticed the post. "It was the wording
of the listing that caught the attention of the trust and safety experts who
monitor the site," the spokeswoman said.
Macaulay won last week's PWN
2 OWN hacking contest at the CanSecWest conference in Vancouver. He had
offered the laptop he broke into for sale, claiming that his exploit code could
probably still be extracted from the machine.
"This laptop is a good case study for any forensics group/company/individual
that wants to prove how cool they are, and a live example, not canned of what
a typical incident responce sitchiation [sic] would look like," his listing
stated.
Although the laptop was listed on eBay just before April 1, a traditional day
of Internet pranks, Macaulay insisted it was legitimate.
Macaulay, a researcher with the Security Objectives consultancy, was one of
two hackers to claim laptops and cash prizes for penetrating systems during
last week's contest. Organizers offered Vista, Mac OS and Linux-based laptops
for the taking, along with prizes that varied from US$5,000 to $20,000, depending
on the difficulty of the exploit. By Friday, however, only the Linux laptop
remained unbreached.
Though the laptop he hacked runs Vista, Macaulay claimed that his Adobe Flash
Player exploit will affect 90 percent of computers worldwide. He won a $5,000
cash prize, courtesy of 3Com's TippingPoint division, and the Fujitsu U810 laptop
he had hacked into for his work.
Had Macaulay been able to sell his laptop before Adobe patched the issue, he
would have violated his contract with TippingPoint, said Terri Forslof, the
company's manager of security response. "We would have disqualified him
from the program," she said.
The laptop had not been hit with any other attack code during the course of
the contest, she added. "He was the only person who tried," she said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
