对David Maynor和Jon Ellch的公开挑战

当我玩扑克时,我偶尔会打赌或打电话给我预计会丢失的赌注有时这很简单彩池赔率- 这是一个数学上合理的远投注但有时候,我会因为我想看到对手的牌而丢掉赌注(当你赢得一手牌,因为其他人都已弃牌,这种情况经常发生,你不必出示你的牌。)

我的想法是,通过看到我的对手牌获得的知识比我期望输掉的赌注更有价值显然,这不是你想经常做的事情。

考虑到这一点,我向David Maynor和Jon Ellch发出以下挑战:

如果你可以开箱即用劫持全新的MacBook,那就是你的。

规定:

  1. We’ll meet at an Apple store — or other reseller of Mac hardware — convenient to youIf the location is not convenient for me, I may choose to be represented by one or more trusted readers of 万博manbetx贴吧.

  2. 我将购买一台新的MacBook。

  3. We’ll proceed to an agreed-upon location for the hijacking to take place.

  4. The hijacking will be videotaped, including the display of the MacBookThe technical details of the hijacking itself, including the network traffic, will not be examined or recorded. I.enothing will be revealed about how the hijacking is performed, only that it can be done(I offer this stipulation not because I wouldn’t want to know the details — I very much would — but because this sort of “we don’t want to reveal how it works” thinking is clearly the only possible explanation for Maynor and Ellch’s continued silence on the issue, if they in fact have discovered such an exploit.)

  5. I will open the MacBook and proceed through the initial first-run configurationThe initial administrator user account will be the only user account on the machine.

  6. I believe AirPort is turned on by default, but if it isn’t, I’ll turn it on using the system-wide AirPort menu.

  7. I will not otherwise diddle with the default network and firewall settings of the MacBook.

  8. If prompted to join an available Wi-Fi network, I will refuse. I.eAirPort will be turned on, but the attack can’t be based on the assumption that the user is willing to join an untrusted network created by the attacking machine, or that the MacBook’s Wi-Fi settings have been changed from their defaults to allow joining new networks without asking.

  9. No additional hardware or software will be installed on the machineAt no point before the contest has been decided do you, the challengers, get to physically touch the machine.

  10. 我将在MacBook的桌面上创建一个文件This file will be created with the default ownership and file permissions — read and write access for the current user, read-only access for the group and world.

  11. If you delete this file within one hour, you win the challenge, and the MacBook is yours to keep.

  12. 如果你delete the file within one hour, you pay me the full retail price of the MacBook.

  13. If you can crash the machine or crash the current login session, we’ll call it a drawI keep the MacBook, and you don’t have to pay for it.

  14. If the offer is not accepted by September 8, 2006, it will be rescinded.


至于之前对扑克的类比,我不是傻子一世期望失去这个特定的赌注 - 但我也不希望赢得它我希望被忽略我不认为Maynor和Ellch在默认的MacBook AirPort卡和驱动程序中发现了这样的漏洞,所以,如果我是对的,他们肯定不会接受这个挑战我认为他们发现的东西 - 如果他们实际上发现了任何有用的东西 - 是一个of potential Wi-Fi-based exploit, which they demonstrated on a rigged MacBook to generate publicity at the expense of the Mac’s renowned reputation for security, but that they have not found an actual exploit based on this technique that works against the MacBook’s built-in AirPort.

如果我错了,他们发现这样的漏洞,他们可能会也可能不会选择接受这一挑战但是,如果他们能赢,他们只会接受。

归结为这一点如果我错了,那么知道MacBook用户实际上有风险是值1099美元如果我是对的,有人需要打电话给Maynor和Ellch。