Thursday, March 19, 2009

Metasploit3 Update - "Tons of new Mac OS X code from Dino Dai Zovi and Charlie Miller, more to follow "

| Brett D. Arion |
Seems the Metasploit team are adding Mac OS as a true target for Metasploit. Charlie Miller and Dino Dai Zovi showed off the new code at the CanSecWest conference where they reportedly they demonstrated one tool called "pic the vic" where they can actually take a picture of the victim with thier own camera. Now if that isn't cool...can you image getting a snapshot of Steve Jobs in his jammies? Check out the changeset page to see the details. According to the README: "These payloads are from "The Mac Hacker's Handbook" by Charlie Miller and Dino Dai Zovi (Wiley 2009)."

In additon, to showing off the new parts of Metasploit, it seems that Charlie Miller got a little bonus of $5000 and the MacBook that he hacked just minutes into the PWN2OWN contest. Seems this is the second year in a row that Charlie has done this...Way To Go Charlie!!!! Unfortunately Tippingpoint, one of the CanSecWest sponsors, asks the contestants to sign an NDA keeping them from publicly disclosing any vulnerabilities used in the contest. This is so Tippingpoint can then turn the vulnerabilities over to the vendors for patching before they go public.

Happy hunting.....be sure to post any shots from "pic the vic" for all to see....

Free Security Magazines