ARN

EBay yanks sale of laptop with Vista attack code

EBay has yanked a listing offering a Vista laptop, complete with 0day attack code.

Shane Macaulay's attempt to sell a hacked laptop complete with Windows Vista attack code did not last long.

EBay pulled the listing within hours of its appearance Monday, saying that it could have harmed users. "You can't sell anything that would do harm," said a spokeswoman for eBay's public relations agency.

The company removed the listing between 11 p.m. Monday and 12:30 a.m. Tuesday, Pacific Time, after eBay employees noticed the post. "It was the wording of the listing that caught the attention of the trust and safety experts who monitor the site," the spokeswoman said.

Macaulay won last week's PWN 2 OWN hacking contest at the CanSecWest conference in Vancouver. He had offered the laptop he broke into for sale, claiming that his exploit code could probably still be extracted from the machine.

"This laptop is a good case study for any forensics group/company/individual that wants to prove how cool they are, and a live example, not canned of what a typical incident responce sitchiation [sic] would look like," his listing stated.

Although the laptop was listed on eBay just before April 1, a traditional day of Internet pranks, Macaulay insisted it was legitimate.

Macaulay, a researcher with the Security Objectives consultancy, was one of two hackers to claim laptops and cash prizes for penetrating systems during last week's contest. Organizers offered Vista, Mac OS and Linux-based laptops for the taking, along with prizes that varied from US$5,000 to US$20,000, depending on the difficulty of the exploit. By Friday, however, only the Linux laptop remained unbreached.

Though the laptop he hacked runs Vista, Macaulay claimed that his Adobe Flash Player exploit will affect 90 percent of computers worldwide. He won a US$5,000 cash prize, courtesy of 3Com's TippingPoint division, and the Fujitsu U810 laptop he had hacked into for his work.

Had Macaulay been able to sell his laptop before Adobe patched the issue, he would have violated his contract with TippingPoint, said Terri Forslof, the company's manager of security response. "We would have disqualified him from the program," she said.

The laptop had not been hit with any other attack code during the course of the contest, she added. "He was the only person who tried," she said.

Come socialise with us! Facebook | LinkedIn

More about: 3Com, 3Com, Adobe, eBay, Fujitsu, Linux, TippingPoint, TippingPoint
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
ACA Pacific , Annuity Systems , ASI Solutions , Bluechip Infotech , Distribution Central , Express Data , Express Online , Firewall Systems , Leader Computers , Multimedia Technology , Scholastic , T Data , Topstar Computer International , Proscan Australia
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/transition-systems-australia/2010-12-09_354_polycom
Transition Systems Australia

Polycom

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.