Linked by Thom Holwerda on Thu 3rd Apr 2008 19:59 UTC, submitted by daedalus8
Privacy, Security, Encryption People shouldn't read anything into the fact that of the three laptops set up for last week's 'PWN to OWN' hack challenge, the only one left standing was running Linux, said the security expert who oversaw the contest. "There was just no interest in Ubuntu," said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint subsidiary, which put up the cash prizes awarded at the contest last week at CanSecWest. "A contest such as this is not a measure of relative security between operating systems. It's not an accurate barometer."
Order by: Score:
Nobody is interested in money?
by Bitterman on Thu 3rd Apr 2008 20:10 UTC
Bitterman
Member since:
2005-07-06

I thought they got paid 20k if any of the machines got cracked the first day. I guess hackers dont like money enough to crack ubuntu.

Reply Score: 20

Comment by eekee
by eekee on Thu 3rd Apr 2008 20:14 UTC
eekee
Member since:
2007-12-17

Ten thousand, and the idea that people would pass up $10k just because they couldn't be bothered to try is nuts!

Reply Score: 12

RE: Comment by eekee
by Don T. Bothers on Thu 3rd Apr 2008 20:24 UTC in reply to "Comment by eekee"
Don T. Bothers Member since:
2006-03-15

"Ten thousand, and the idea that people would pass up $10k just because they couldn't be bothered to try is nuts!"

Maybe people can only enter one competition and the full details of the exploit are not publicized until after the competition. What I got from the article was that there were tons of talented people who were working on breaking Windows and MacOS while only a few people entered to hack Ubuntu. After all, it seems that it was a Flash exploit that is already confirmed to work on Linux that took Windows down.

Reply Score: 8

RE[2]: Comment by eekee
by Shkaba on Thu 3rd Apr 2008 20:32 UTC in reply to "RE: Comment by eekee"
Shkaba Member since:
2006-06-22

Surely then one would use the same exploit to get additional $5k

Reply Score: 9

RE[3]: Comment by eekee
by mat69 on Thu 3rd Apr 2008 22:29 UTC in reply to "RE[2]: Comment by eekee"
mat69 Member since:
2006-03-29

No one wouldn't, because it is against the rules:
http://cansecwest.com/post/2008-03-20.21:33:00.CanSecWest_PWN2OWN_2...

Reply Score: 5

RE[3]: Comment by eekee - "known" clause
by jabbotts on Fri 4th Apr 2008 12:36 UTC in reply to "RE[2]: Comment by eekee"
jabbotts Member since:
2007-09-06

I think using the same exploit would be blocked by the "known" clause. You've already popped a machine through Flash demonstraiting the exploit and it is the same exploit that would be used across the platforms. You would have to find a different exploit to pop the second machine.

Reply Score: 3

Comment by anomie
by anomie on Thu 3rd Apr 2008 20:34 UTC
anomie
Member since:
2007-02-26

"It was actually a lack of interest" on the part of the PWN to OWN contestants, Forslof said. "[Shane Macaulay's] exploit would have worked on Linux. He could have knocked it over. But [the contestants] get a lot more mileage out of attacks on the Mac or Windows," she continued.


IMO, an extension of this statement/logic is that you get the most mileage out of the most widely used OS. Therefore:
* You get the most mileage out of a Windows attack.
* You get the next most mileage out of a Mac OS X attack.
* You get the next most mileage out of an Ubuntu attack.

The results don't reflect that, though. The Mac was pwned first, and the Vista box second. Ubuntu didn't get cracked, in spite of incentives to do so ($$).

I'm not sure exactly what this means, and it's certainly possible Ubuntu could have been cracked just as easily as Vista, but the quoted "explanation" seems shaky to me.

Reply Score: 10

RE: Comment by anomie
by hobgoblin on Thu 3rd Apr 2008 22:27 UTC in reply to "Comment by anomie"
hobgoblin Member since:
2005-07-06

one reason for the mac going first could be in the way the contest was set up.

day 1, only the os and base apps, with latest patches applied. only remote attacks allowed (open ports and that kind of stuff). here none got hacked.

day 2, user assisted attacks, like a email or web page being opened. here osx got hacked via safari.

day 3, popular apps and similar added to the day 2 requirements. here vista got hacked via flash.

the impression i have was that they could have taken ubuntu at day 3, but vista was a easier target. low hanging fruit and all that...

Reply Score: 6

RE[2]: Comment by anomie
by jlarocco on Fri 4th Apr 2008 01:38 UTC in reply to "RE: Comment by anomie"
jlarocco Member since:
2005-09-14

Am I the only person who doesn't get the point of stages 2 and 3?

They seem to depend on the user doing stupid things. If you're counting on the user being stupid, it doesn't matter which OS you go for.

Reply Score: 3

RE[3]: Comment by anomie
by PlatformAgnostic on Fri 4th Apr 2008 05:49 UTC in reply to "RE[2]: Comment by anomie"
PlatformAgnostic Member since:
2006-01-02

It's not that stupid to click on a link, or to have Flash installed. The link might come from a blog comment or an email. The SWF file might come in an advertisement or off of an innocent-looking link.

Application bugs can be real security vulnerabilities, just like OS bugs. Especially when the application is extremely widespread, like Safari or Flash.

Reply Score: 5

RE: Comment by anomie
by bousozoku on Thu 3rd Apr 2008 22:41 UTC in reply to "Comment by anomie"
bousozoku Member since:
2006-01-23

""It was actually a lack of interest" on the part of the PWN to OWN contestants, Forslof said. "[Shane Macaulay's] exploit would have worked on Linux. He could have knocked it over. But [the contestants] get a lot more mileage out of attacks on the Mac or Windows," she continued.


IMO, an extension of this statement/logic is that you get the most mileage out of the most widely used OS. Therefore:
* You get the most mileage out of a Windows attack.
* You get the next most mileage out of a Mac OS X attack.
* You get the next most mileage out of an Ubuntu attack.

The results don't reflect that, though. The Mac was pwned first, and the Vista box second. Ubuntu didn't get cracked, in spite of incentives to do so ($$).

I'm not sure exactly what this means, and it's certainly possible Ubuntu could have been cracked just as easily as Vista, but the quoted "explanation" seems shaky to me.
"

You may not get the most out of attacking Mac OS X first but you shock the fanatics and really upset them once you're successful. It's worth more than money.

It's likely that there was some pride involved in not attacking the Ubuntu machine.

Reply Score: 3

RE[2]: Comment by anomie
by evangs on Fri 4th Apr 2008 07:05 UTC in reply to "RE: Comment by anomie"
evangs Member since:
2005-07-07

It's not even about the money, being one of the few people who can claim to have hacked OS X does a lot to boost your acclaim.

Reply Score: 3

RE[2]: Comment by anomie
by miles on Fri 4th Apr 2008 18:34 UTC in reply to "RE: Comment by anomie"
miles Member since:
2006-06-15

You may not get the most out of attacking Mac OS X first but you shock the fanatics and really upset them once you're successful. It's worth more than money.

It's likely that there was some pride involved in not attacking the Ubuntu machine.


Since the flaws found in any of the OS would be forwarded for a fix, I'd say every Linux-loving person would want to hack the Ubuntu machine to improve the OS. Especially if at the same time you can slap Adobe in the face for endangering Linux's security with a badly coded Flash (and Flash _is_ really an eyesore for every Linux user).

I'd also say that nobody's really going to get a rep cracking Visa (right or wrong, it's Windows' reputation that even a newbie can crack it by following a few simple explanations). And you'd make more money by cracking Ubuntu, getting the cash and the pride, then selling whatever cracks you have for Vista).

And am I the only one not believing that even without the Flash crack there would be many other options to crack Windows or Ubuntu? Only thing we now it that nobody was able to crack the Ubuntu machine for the rest of the day.

Or were there only two decent hackers, and the other ones were there just for show?

Edited 2008-04-04 18:35 UTC

Reply Score: 1

Linux Advantage
by shiva on Thu 3rd Apr 2008 20:35 UTC
shiva
Member since:
2007-01-24

No interest of hackers for me it is a clear linux advantage and it is the resaon why I use linux as desktop.

Also Linux is not a main target because its users are "smarter" (in mean sense) than windows and mac users. They don't use a login with administrator privileges nor use flawed products as Internet Explorer, Outlook, ActiveX, etc.

Reply Score: 9

RE: Linux Advantage
by macUser on Fri 4th Apr 2008 00:16 UTC in reply to "Linux Advantage"
macUser Member since:
2006-12-15

No interest of hackers for me it is a clear linux advantage and it is the resaon why I use linux as desktop.

Also Linux is not a main target because its users are "smarter" (in mean sense) than windows and mac users. They don't use a login with administrator privileges nor use flawed products as Internet Explorer, Outlook, ActiveX, etc.


Whew, it's a good thing to know that I'm not a Mac user because I use a staff account rather than an admin account on all of my machines. Oh wait, I am a Mac user... What the hell am I thinking! I'm supposed to be some sort of elitist knuckle dragger.

Sorry to blow your "theory."

Reply Score: 3

RE[2]: Linux Advantage
by japh on Fri 4th Apr 2008 07:50 UTC in reply to "RE: Linux Advantage"
japh Member since:
2005-11-11

Sorry to blow your "theory."


You didn't. On average, he's right. People who use Linux often do it because of an interest in computers. That makes them "smarter" when it comes to knowing what you should and shouldn't do with computers.

It doesn't mean people who use Macs are less smart, but they probably focus less on computers than the people using Linux.

Reply Score: 3

RE[3]: Linux Advantage
by protagonist on Fri 4th Apr 2008 18:32 UTC in reply to "RE[2]: Linux Advantage"
protagonist Member since:
2005-07-06

By extending your logic I must be smarter about computers than you are because I use BSD quite a bit. :-)

I love all this snobbery about user X must be smarter about computers than user Y because Y uses such and such OS. Or the average user of one OS is more savvy than those who use another. Come on people, get over it. There are a lot of computer smart people who use Windows and OS X.

Anyway, as for the article, I have to say I doubt the explanation as to why Linux was not targeted. When money is involved you go for the easy mark first. Could it have been compromised, quite possibly but the fact that it wasn't tells me the contestants felt it would be the hardest to crack. Now if they really want to have fun at the next one why don't they throw in a BSD system?

Reply Score: 2

RE[4]: Linux Advantage
by miles on Fri 4th Apr 2008 18:38 UTC in reply to "RE[3]: Linux Advantage"
miles Member since:
2006-06-15

Now if they really want to have fun at the next one why don't they throw in a BSD system?


That would be sweet. Then there would really be some competition.

Even though I'm a Linux user, I'd love to see Linux cracked in one of those contests to boost distro's attention towards providing an iron system by default.

Reply Score: 1

RE[3]: Linux Advantage
by macUser on Fri 4th Apr 2008 19:01 UTC in reply to "RE[2]: Linux Advantage"
macUser Member since:
2006-12-15

"Sorry to blow your "theory."


You didn't. On average, he's right. People who use Linux often do it because of an interest in computers. That makes them "smarter" when it comes to knowing what you should and shouldn't do with computers.

It doesn't mean people who use Macs are less smart, but they probably focus less on computers than the people using Linux.
"
I was just really being a smart ass, but I do know quite a few Mac users that don't run as admin. You linux guys have better beware though... If linux does start to catch the interest of Mom and Pop/novice users for desktop use, you're "smartness" is going to suddenly find itself at the level of us knuckle-draggers...

Reply Score: 2

RE: Linux Advantage - obscurity
by jabbotts on Fri 4th Apr 2008 12:40 UTC in reply to "Linux Advantage"
jabbotts Member since:
2007-09-06

I wouldn't recommend not placing too much trust in obscurity or market share. It tends to be the responsiveness of the developers and the higher average user knowledge that help Posix like OS. Vulnerabilities tend to be configuring issues.

Obscurity is only of use to the attacker who has to eventually evade and escape. The defender has to be able to shine a spotlight on themself and still not be movable.

If you have something someone wants, they'll target whatever platform your using.

Reply Score: 2

CanSecWest
by Clinton on Thu 3rd Apr 2008 20:43 UTC
Clinton
Member since:
2005-07-05

If what I'm supposed to walk away with is that Vista is not worse than Linux in the security department because there just wasn't any interest in hacking Ubuntu, then can I assume that OS X is not worse than Vista or Linux in the security department either, but simply that it is the most popular OS?

OK.

Reply Score: 7

This is a very particular perspective
by Dasher42 on Thu 3rd Apr 2008 20:50 UTC
Dasher42
Member since:
2007-04-05

Linux ignored, not immune?

The kind of hacker that wants to subvert a desktop, or phish from its user, would say just this. Keep this in context. When it comes to servers, Linux is very high profile and you will not see such things stated there.

Bite-size headlines like these can be so deceiving.

Reply Score: 5

PlatformAgnostic Member since:
2006-01-02

If you want to own a linux server, you attack php or apache. I don't think that was part of the config here (otherwise it would have been a dumb contest: two desktops versus one server). I've personally seen a linux server run by a friend (who misconfigured it) get taken over and used as a remote proxy. People target linux servers all the time.

Reply Score: 3

Consider the source
by shdriesner on Thu 3rd Apr 2008 20:58 UTC
shdriesner
Member since:
2008-04-03

I'd chalk this article under FUD. Think about it: The Vista supporters can't claim they didn't get hacked, so they have to find some other way to make the winner (Ubuntu, i.e. Linux, of the cancerous GPL license, blah blah blah) look less impenetrable. They can laugh at Apple for having been hacked first, but they still have a black eye.

The results of the CanSecWest contest definitely made the major news, because my mother-in-law (who knows very little about computers, but knows I run Linux at home) heard about it over the radio and gave me a call.
In her words: "You've been saying all along that Linux is more secure, but it's interesting to have it proven out in a real contest."

Regardless of whether Ubuntu could have been hacked, it wasn't. That still means something, no matter how much FUD you throw at it.

Reply Score: 10

RE: Consider the source
by japh on Fri 4th Apr 2008 07:53 UTC in reply to "Consider the source"
japh Member since:
2005-11-11

The Vista supporters can't claim they didn't get hacked, so they have to find some other way to make the winner (Ubuntu, i.e. Linux, of the cancerous GPL license, blah blah blah) look less impenetrable.


It used to be "If Linux had the same number of users, you'd see the same amount of holes as in XP".
I always enjoyed asking them if the new security features in Vista was pointless then, because once it would be as widely used as XP, by the same logic, it should have the same problems. ;)

Reply Score: 3

Not that it matters, but...
by wannabe geek on Thu 3rd Apr 2008 21:05 UTC
wannabe geek
Member since:
2006-09-27

"Prior to joining TippingPoint, Terri was a Security Program Manager for the Microsoft Security Response Center, focused on driving the resolution of security vulnerabilities within Microsoft products."

http://dvlabs.tippingpoint.com/team/tforslof

Reply Score: 12

RE: Not that it matters, but...
by shdriesner on Thu 3rd Apr 2008 21:20 UTC in reply to "Not that it matters, but..."
shdriesner Member since:
2008-04-03

This at least explains why the vast majority of the second page is spent talking about how hard it was to hack Vista SP1. It is also interesting that there was no laptop submitted containing Windows XP with SP2/3...maybe they knew that would be too easy...

Reply Score: 5

jabbotts Member since:
2007-09-06

A security professional who worked in information security before his current job in information security? Say it isn't so!! What is this world coming too?


(hehe.. I couldn't resist)

Reply Score: 2

v So ...
by autumnlover on Thu 3rd Apr 2008 21:08 UTC
RE: So ...
by earlycj5 on Thu 3rd Apr 2008 21:33 UTC in reply to "So ..."
earlycj5 Member since:
2007-04-12

The normal firewall and Clamav. Why?

Reply Score: 3

RE: So ... - firewall is built in, AV protects guests
by jabbotts on Fri 4th Apr 2008 12:45 UTC in reply to "So ..."
jabbotts Member since:
2007-09-06

The firewall is built into the kernel and I run ClamAV to protect any Windows machines I may have to interact with.

What AV and Firewall are you running?

Reply Score: 2

RE: So ...
by WereCatf on Fri 4th Apr 2008 13:00 UTC in reply to "So ..."
WereCatf Member since:
2006-02-15

... what firewall and antivirus software are you using on your Linux boxes ? ;-)

Hmm. I am not running any firewall or antivirus software on any of my Linux boxes :O

Reply Score: 2

Egos going on the rampage
by SlackerJack on Thu 3rd Apr 2008 21:13 UTC
SlackerJack
Member since:
2005-11-12

I think the three OS's and others have steeled hackers thunder, if thats the best they can do then we are safer than ever.

It was all about egos and how to get the most media by it, gone are the days where they can course wide spread destruction. The whole we left Ubuntu alone, proves they want nothing more than to be talked about and how we should fear them in some way.

I find it sad they wouldn't hack Linux for a Sony Vaio laptop and $5,000, I'd feel stupid if I was them.

Reply Score: 3

RE: Egos going on the rampage
by PlatformAgnostic on Fri 4th Apr 2008 05:55 UTC in reply to "Egos going on the rampage"
PlatformAgnostic Member since:
2006-01-02

The exploits represent someone being able to read any file which the browser can access. This could be (on Windows) any credit-card or personal information you store in your user profile.

Reply Score: 2

(GNU?) Linux is safe
by dimosd on Thu 3rd Apr 2008 21:14 UTC
dimosd
Member since:
2006-02-10

I'm not a Linux "activist", I'm willing to point out 100 deficiencies in the Linux desktop experience, but the one thing I'm willing to argue is that Linux is "at least" as secure (and probably much more, for various reasons) than what the competition has to offer.

Reply Score: 4

Comment by airwedge1
by airwedge1 on Thu 3rd Apr 2008 21:22 UTC
airwedge1
Member since:
2006-02-22

The hackers obviously would try to figure out how the crack the system before entering into the cracking contest. Either the hackers before hand could not find a way to crack it, or figured that linux was so secure that they weren't going to be bothered. They should have done the 3 os at different times, and if a hacker could hack all three they get triple the money. It's like the hackers just choose the easiest system to hack, because it would be the most likely to deliver them cash.

Reply Score: 1

Use the source
by danieldk on Thu 3rd Apr 2008 21:24 UTC
danieldk
Member since:
2005-11-18

A contest such as this is not a measure of relative security between operating systems. It's not an accurate barometer.

Isn't it? At the very least, if the Ubuntu machine was easier to crack, it would be hard to see why there is no interest, given the possible compensation. Additionally, the source is available, making it easier to find security errors, if Ubuntu was insecure.

If there was no interest to own the Ubuntu laptop, it was possibly because the contestants judged the Ubuntu machine harder to crack. Given the expertise of the contestants, they would probably be qualified to make such judgments.

But I see someone has already followed the money trail ;) .

Reply Score: 6

More to it
by google_ninja on Thu 3rd Apr 2008 21:40 UTC
google_ninja
Member since:
2006-02-05

I think what was meant is that people spend more time and energy tryng to hack windows and apple boxes, and as such have more experience at. I'm sure Haiku or SkyOS (for example) is plenty hackable, but if you have no experience doing it, you will be spending time figuring out strategies before you start spending time employing said strategies.

I do think that it was a bit too dismissive of the fact that out of the three OSs, ubuntu was the only one that didn't go down though. Even with the fact that it is by far the most obscure, it is still an accomplishment.

Reply Score: 2

RE: More to it
by orestes on Thu 3rd Apr 2008 22:05 UTC in reply to "More to it"
orestes Member since:
2005-07-06

Obscure to end users and script kiddies maybe, but that'd hardly be the case for security professionals (regardless of which side of the fence thy happen to fall on). If anything it should be easier to formulate an attack strategy for the open source *nixes, you have more or less the entire OS freely available for your perusal.

Reply Score: 4

RE[2]: More to it
by google_ninja on Thu 3rd Apr 2008 22:59 UTC in reply to "RE: More to it"
google_ninja Member since:
2006-02-05

You are right, but that still doesn't mean that millions of lines of code can be read, understood, and analyzed in a short amount of time, especially if you are not familiar with it.

All I'm really saying is he may have a point, to a degree at any rate.

Reply Score: 2

saving face?
by gedmurphy on Thu 3rd Apr 2008 21:45 UTC
gedmurphy
Member since:
2005-12-23

Maybe most of the guys there were Linux fans and would prefer to see Windows fall than Ubuntu.

Assuming you can only use the flash hack on 1 of the 2 machines, and you're a Linux fan, you're obviously gonna use it to bring down the Windows machine.

Reply Score: 3

RE: saving face?
by glarepate on Sat 5th Apr 2008 00:19 UTC in reply to "saving face?"
glarepate Member since:
2006-01-04

Maybe most of the guys there were Linux fans and would prefer to see Windows fall than Ubuntu.

Assuming you can only use the flash hack on 1 of the 2 machines, and you're a Linux fan, you're obviously gonna use it to bring down the Windows machine.


Maybe. Linus likes Macs. Maybe that's why the hackers were running Mac laptops.

If I was a Linux fan and could take down either or any of the OSes I'd be tempted to go for the Vaio and get the vulnerability in Linux patched. Perhaps that's because I have no interest in Vista...

Reply Score: 2

I have another idea
by autumnlover on Thu 3rd Apr 2008 21:50 UTC
autumnlover
Member since:
2007-04-12

Maybe sponsors of such contests should mark certain systems considered "more secure" by substantially higher reward ?

And in case when still no one will try to crack such system, they should hire some Steve Ballmer's look-alike, dress him in that famous sweated shirt and give him a briefcase full of money and a line to say: "Hi! Im Steve Ballmer, and I come here to give you some of my last year income. Take it and spend as you like."

When still no one will be interested, then we all have a proof that hackers indeed believe in "free lunch" ;)

Reply Score: 3

reminds me
by raver31 on Thu 3rd Apr 2008 21:54 UTC
raver31
Member since:
2005-07-06

This article reminds me of the wimp who does not join in the fight because "they did not want to hurt him"...

They do not give themselves away knowing that they would loose, but they give the impression that they are still a threat.

One thing I have noticed using Linux for so long, is just how tight the system is. There is ways that someone could be coerced into compromising their own machines, but that is social engineering, not really hacking a system.

I have encountered a lot of people contacting my workplace with hosed Vista machines, one said he was hacked by remote desktop assistance hehehe, and so far only one company who said their Linux machine had been hacked. It had indeed been hacked, someone had logged in as root, deleted all log files, and set up an AT command to continually call a script to "ls -R -all"
This slowed the server down no end.... However, it was actually done by an employee who knew the root password and was sacked. Not exactly hacking. He knew the password.

In fact Linux is that hard to get applications to run on, never mind malware running covertly hehehee :p

Reply Score: 3

The Real Question would be
by drcoldfoot on Thu 3rd Apr 2008 22:21 UTC
drcoldfoot
Member since:
2006-08-25

Why Wasn't there a so-called interest in Ubuntu?

Answer:

Out of all Three, Ubuntu Posed the greatest challenge. Why would those hungry Hackers Try to attack a cold, slippery, wet penguin of an OS securitywise of the three, than Just efficiently and with less effort, Plucking an apple from the tree in the challenge for the prize? That's unthinkable.

But You did notice, OpenBSD wasn't even considered! ;)

Reply Score: 3

Your attention, please.
by sbergman27 on Thu 3rd Apr 2008 22:26 UTC
sbergman27
Member since:
2005-07-24

April 1, 2008 (Computerworld) People shouldn't read anything into the fact that...

Reply Score: 6

.......
by islander on Thu 3rd Apr 2008 23:20 UTC
islander
Member since:
2007-04-11

When the fox dont get the grapes he says they are sour.

Reply Score: 3

Good grief\
by wakeupneo on Fri 4th Apr 2008 01:45 UTC
wakeupneo
Member since:
2005-07-06

.."A contest such as this is not a measure of relative security between operating systems. It's not an accurate barometer."

Hmm....so why bother organising the thing in the first place?

More a case of 'our little scheme backfired so please don't look at the results'...

Edited 2008-04-04 01:46 UTC

Reply Score: 4

RE: Good grief\
by daedalus8 on Fri 4th Apr 2008 03:59 UTC in reply to "Good grief\"
daedalus8 Member since:
2008-03-10

I totally agree with you. Why putting 20K-10k-5k for the prizes if in the end. The organizer itself states that it does not mean anything.

Do I have to say that there might be some interests in between?

I don't really know what the reason is, but I think that saying something like that just shows how they try to put down the effort of thousands of developers out there that try to make free software usable, stable, and last but not least, SECURE.

Reply Score: 2

Stay away from x86
by 0xbadbeef on Fri 4th Apr 2008 04:47 UTC
0xbadbeef
Member since:
2005-11-12

I agree, hacking Ubuntu and any x86 Linux for that matter would be a matter of time as retrofitting the same exploit would not be that difficult. Moral of this story is if you want more security, stay the hell away from x86 processors. More serious processor architectures offered non-executable stacks out of the box for years, which foils 99.9% of all stack smashing exploits out there. If you want security, go for Power or Sparc.

Reply Score: 2

I find it funny...
by sigzero on Fri 4th Apr 2008 13:03 UTC
sigzero
Member since:
2006-01-03

That now we are on the other side. The Linux fanboys refuse to believe their OS was vulnerable but nobody wanted to try.

I am an OSX fanboy. I believe my OS is vulnerable and I am glad when responsible stuff like this happens to find bugs for my OS.

Reply Score: 0

Use all Macs
by biffuz on Sun 6th Apr 2008 09:37 UTC
biffuz
Member since:
2006-03-27

Next year, put 3 Macs, running OSX, Windows, and Linux. Something tells me that they will get owned much quickier than a Fujitsu or a Sony or whatever else...

Reply Score: 1