Shane Macaulay's attempt to sell a hacked laptop complete with Windows Vista attack code did not last long.
eBay pulled the listing within hours of its appearance Monday, saying that it could have harmed users. "You can't sell anything that would do harm," said a spokeswoman for eBay's public relations agency.
The company removed the listing between 11 p.m. Monday and 12:30 a.m. Tuesday, Pacific Time, after eBay employees noticed the post. "It was the wording of the listing that caught the attention of the trust and safety experts who monitor the site," the spokeswoman said.
Macaulay won last week's PWN 2 OWN hacking contest at the CanSecWest conference in Vancouver. He had offered the laptop he broke into for sale, claiming that his exploit code could probably still be extracted from the machine.
"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like," his listing stated.
Although the laptop was listed on eBay just before April 1, a traditional day of Internet pranks, Macaulay insisted it was legitimate.
Macaulay, a researcher with the Security Objectives consultancy, was one of two hackers to claim laptops and cash prizes for penetrating systems during last week's contest. Organizers offered Vista, Mac OS, and Linux-based laptops for the taking, along with prizes that varied from $5,000 to $20,000, depending on the difficulty of the exploit. By Friday, however, only the Linux laptop remained unbreached.
Though the laptop he hacked runs Vista, Macaulay claimed that his Adobe Flash Player exploit will affect 90 percent of computers worldwide. He won a $5,000 cash prize, courtesy of 3Com's TippingPoint division, and the Fujitsu U810 laptop he had hacked into for his work.
Had Macaulay been able to sell his laptop before Adobe patched the issue, he would have violated his contract with TippingPoint, said Terri Forslof, the company's manager of security response. "We would have disqualified him from the program," she said.
The laptop had not been hit with any other attack code during the course of the contest, she added. "He was the only person who tried," she said.
This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.
Download now »
Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.
Download now »
The emergence of WLANs has created a new breed of security threats to enterprise networks.
Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation
Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.
Download now »
Sign up to receive Platforms Resource Alerts
Recommend This
