Linked by Thom Holwerda on Sun 30th Mar 2008 20:35 UTC
As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up; laptops running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability. During the first day, you can only attack the machine over the network, without physical access. On the second day, user interaction comes into play (visiting a website, opening an email). On the third and final day, third-party applications are added to the mix. Each machine had the same cash prize on its head. As you all know, the Mac was hacked first, on day two. The user only had to visit a website, and the Mac was hacked. Vista got hacked on the third day using a security hole in Adobe's Flash, and the Ubuntu machine did not get hacked at all. Update: Roughly Drafted responds.
Permalink for comment 307267
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-02-12
O.K. First things first. I was not supposed to use a computer this weekend, But I got an call that required an email. And while I was here...
The most effective and pure *simple* technique to secure OS X, is to not be logged in as an admin, or even any member of the 'admin group'. I own my Mac, I use the BSD Style 'ladmin' account and then a complex password. And then I avoid using that account for just about anything.
The Behavior is EXACTLY the same as when I need 'admin' access I type up both my admin name and password.
It is not common practice on a Mac, but I sincerely hope that we in the Mac community start to act right. It is hard to imagine a day when we are as bad off on OS X as we are 'generally' in Win XP but that doen not mean that I need to be logged in for admin purposes