Shane Macaulay's attempt to sell a hacked laptop complete with Windows Vista attack code did not last long.
eBay pulled the listing within hours of its appearance Monday, saying that it could have harmed users. "You can't sell anything that would do harm," said a spokeswoman for eBay's public relations agency.
The company removed the listing between 11 p.m. Monday and 12:30 a.m. Tuesday, Pacific Time, after eBay employees noticed the post. "It was the wording of the listing that caught the attention of the trust and safety experts who monitor the site," the spokeswoman said.
Macaulay won last week's PWN 2 OWN hacking contest at the CanSecWest conference in Vancouver. He had offered the laptop he broke into for sale, claiming that his exploit code could probably still be extracted from the machine.
"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like," his listing stated.
Although the laptop was listed on eBay just before April 1, a traditional day of Internet pranks, Macaulay insisted it was legitimate.
Macaulay, a researcher with the Security Objectives consultancy, was one of two hackers to claim laptops and cash prizes for penetrating systems during last week's contest. Organizers offered Vista, Mac OS, and Linux-based laptops for the taking, along with prizes that varied from $5,000 to $20,000, depending on the difficulty of the exploit. By Friday, however, only the Linux laptop remained unbreached.
Though the laptop he hacked runs Vista, Macaulay claimed that his Adobe Flash Player exploit will affect 90 percent of computers worldwide. He won a $5,000 cash prize, courtesy of 3Com's TippingPoint division, and the Fujitsu U810 laptop he had hacked into for his work.
Had Macaulay been able to sell his laptop before Adobe patched the issue, he would have violated his contract with TippingPoint, said Terri Forslof, the company's manager of security response. "We would have disqualified him from the program," she said.
The laptop had not been hit with any other attack code during the course of the contest, she added. "He was the only person who tried," she said.
Get the independent advice and expertise you need to support a virtual workforce.
The increase in Linux popularity has increased the frequency and sophistication of malware attacks. Read this 2 page white paper now to learn how you can protect your Linux environment with real-time protection that is certified by all major Linux vendors.
Download now »Ensuring acceptable application delivery will become even more difficult over the next few years. As a result, IT organizations need to ensure that the approach that they take to resolving the current application delivery challenges can scale to support the emerging challenges. This handbook elaborates on the key tasks associated with planning, optimization, management and control and provides decision criteria to help IT organizations choose appropriate solutions.
Download now »A common misconception is that mid-range storage requirements are dramatically different than that of a larger enterprise. Mid-range storage users may require less capacity, but they have similar functionality and management requirements. This ESG paper examines mid-range storage needs and reviews a new solution that adjusts size while retaining value, performance and functionality.
Download now »
