OSNews: http://www.osnews.com/story/19300/Vista_Leopard_Linux_To_Compete_in_Hack_Contest Exploring the Future of Computing en-us Copyright 2001-2009, David Adams adam+nospam@osnews.com Fri, 11 Dec 2009 01:29:19 GMT http://www.osnews.com/images/osnews.gif OSNews.com http://www.osnews.com Looks like fun http://osnews.com/thread?299923 http://osnews.com/thread?299923 It looks like fun. I wonder which OS will fare the best. These flaws fixed counts that frequently bash OSX are flawed. As well as those that bash Linux and sometimes even Windows. Often such comparison are biased to create a result that sounds surprising and catches our attention (we usually consider OSX and Linux secure and windows not).

PS. Sorry for my sleepy feeling right now. It is affecting my writing. Fri, 08 Feb 2008 02:52:00 GMT donotreply@osnews.com (sultanqasim) Comments The most interesting point is... http://osnews.com/thread?299930 http://osnews.com/thread?299930 The most interesting point is...last year they did not compete to win a new Linux laptop, or Vista machine. The prize was a MacBook Pro and $10K.

Yes, yes. I'm sure with $10K, they could have easily sold the MBP and buy nearly any rig they want, but it's all in the marketing!

:-)

-KarrickEdited 2008-02-08 04:30 UTC Fri, 08 Feb 2008 04:26:00 GMT donotreply@osnews.com (Karrick) Comments RE: Looks like fun http://osnews.com/thread?299931 http://osnews.com/thread?299931
It looks like fun. I wonder which OS will fare the best. These flaws fixed counts that frequently bash OSX are flawed. As well as those that bash Linux and sometimes even Windows. Often such comparison are biased to create a result that sounds surprising and catches our attention (we usually consider OSX and Linux secure and windows not).


I think it depends on what they actually mean by the term "hacking".

If it is classic hacking, and it just boils down to obtaining a logon via brute force attack or password guessing, the all three (Linux, OS X and Windows) would be equally vulnerable, depending only upon how strong the passwords were.

I guess I just don't get it. Fri, 08 Feb 2008 04:30:00 GMT donotreply@osnews.com (lemur2) Comments RE: The most interesting point is... http://osnews.com/thread?299932 http://osnews.com/thread?299932
The most interesting point is...last year they did not compete to win a new Linux laptop, or Vista machine. The prize was a MacBook Pro and $10K.


It is no sweat. A MacBook Pro will run Linux pretty well.

http://modular.math.washington.edu/macbook/ Fri, 08 Feb 2008 04:34:00 GMT donotreply@osnews.com (lemur2) Comments Winner - the best (human) hacker http://osnews.com/thread?299935 http://osnews.com/thread?299935
The hacking competition at CanSecWest 2008 will pit the Linux, Leopard OS X, and Vista operating systems against each other


So its the OS that will do the actual hacking then?

Seriously though, it should be interesting. Fri, 08 Feb 2008 04:44:00 GMT donotreply@osnews.com (camo) Comments Define Linux http://osnews.com/thread?299938 http://osnews.com/thread?299938 I wonder what they'll be using for the linux box. Fri, 08 Feb 2008 05:17:00 GMT donotreply@osnews.com (axel) Comments What? No BSDs? http://osnews.com/thread?299940 http://osnews.com/thread?299940 They really should include the BSDs as well.

I guess it'd make for a pretty uneven contest, though.
Good luck to anyone trying to break in to an OpenBSD system.... :-) Fri, 08 Feb 2008 05:31:00 GMT donotreply@osnews.com (obsidian) Comments RE[2]: The most interesting point is... http://osnews.com/thread?299941 http://osnews.com/thread?299941
It is no sweat. A MacBook Pro will run Linux pretty well.

http://modular.math.washington.edu/macbook/


What a waste. Pretty hardware should run pretty OS. Fri, 08 Feb 2008 05:44:00 GMT donotreply@osnews.com (Babi Asu) Comments Flavours? http://osnews.com/thread?299962 http://osnews.com/thread?299962 What will be interesting is the linux distro that is ultimately chosen. I guess a default system bought from Dell (i.e. Ubuntu) could be tested. But there are many distros which each take a different approach to security. Consider Debian systems, no root user, instead use sudo, vs. RPM type systems which have a root user with a different password to the ordinary user.

Also, you have different security apps, e.g. AppArmor, and different firewalls. Fri, 08 Feb 2008 07:52:00 GMT donotreply@osnews.com (MiliTux) Comments RE: Flavours? http://osnews.com/thread?299964 http://osnews.com/thread?299964 I agree, but also, wireless card also matters (because there can be bugs in the drivers). If they don't use the same wireless card on OSX as on the rest of them (generally they are atheros), it means it is not fair. Vista, most linux distro's and OSX pretty much support atheros out of the box. And also, if outbound connections will be permitted (ie, safari connects to a webpage).

Any hackers joining though, I know they will find OSX to be the easiest to exploit as at the moment, its programs are the least refined since their release (Vista has had 1 year to stabilise its programs, and linux, well, thats gonna be dependant, as mentioned on the distro).

But yeah, I agree with MiliTux, I hope they have a good gameplan and at least make it fair.

I hope everyone just sees it as fun though, because, I'd hate to put up with either linux, OSX,BSD,OS/2 OR windows fanboys all week bragging about how secure they are over a poorly set up contest.

But honestly, my guess, is that they may all be hacked within an hour anyway depending on the rules. Safari, firefox and Internet explorer probably all have a lot of exploits (lets face it, web browsers are getting so complex these days, you could run one in EFI, and use it as your OS, and in fact, some bios' already let you run a web browser inside them).


And there better be NX on all three... Otherwise, the whole thing is a joke Fri, 08 Feb 2008 08:20:00 GMT donotreply@osnews.com (Auzy) Comments RE: Flavours? http://osnews.com/thread?299976 http://osnews.com/thread?299976
Consider Debian systems, no root user, instead use sudo, vs. RPM type systems which have a root user with a different password to the ordinary user.


That isn't a Debian characteristic, it is strictly an "Ubuntuism".

https://help.ubuntu.com/community/RootSudo

Personally, when I am using an Ubuntu system, and I need to be root, I generally just use the command 'sudo su'.

Debian systems have a normal root user, just like most other Linux distributions do.

http://www.tonotono.net/ua/nph-.cgi/000000A/http/www.linuxdevcenter...

Also, you have different security apps, e.g. AppArmor, and different firewalls.


Fedora ships with SELinux.

http://fedoraproject.org/wiki/Security/Features

Fedora is probably the most well known desktop Linux distribution you would go for if you were after the best security out-of-the-box.Edited 2008-02-08 09:48 UTC Fri, 08 Feb 2008 09:41:00 GMT donotreply@osnews.com (lemur2) Comments RE: Flavours? http://osnews.com/thread?300016 http://osnews.com/thread?300016 "Consider Debian systems, no root user, instead use sudo"

Debian itself, it has a root user ,and is enabled by default. Some derivatives of Debian, (*Ubuntu) use sudo. But you're right, I think the choice of distro will be very interesting. Fri, 08 Feb 2008 14:01:00 GMT donotreply@osnews.com (BluenoseJake) Comments RE[2]: Looks like fun http://osnews.com/thread?300036 http://osnews.com/thread?300036
I think it depends on what they actually mean by the term "hacking".


Another method of "hacking" worth mentioning would be a way to provide a kind of spoofing attack, resembling a system prompt to get a response from a user. This could be realized via a web page or even an e-mail. "Hi there, this is your support center. Please reply with your administrator password. Thank you!" :-)

But that wouldn't be something I'd consider "hacking". It's not very innovative and depends on the reacting of a (stupid?) user. Fri, 08 Feb 2008 16:31:00 GMT donotreply@osnews.com (Doc Pain) Comments It will be interesting http://osnews.com/thread?300037 http://osnews.com/thread?300037 It will be interesting to see if they configure them in a usable configuration. Will it they all be able to play quicktime movies from the web, work with youtube, flash, shockwave etc. Last time they did this it took a while, and if the wrong 'experts' are there it may not be that easy. Will they only use attacks where the defending OS is passive (ie no surfing) or will the attackers be allowed to make a website where someone drives the OS off a cliff into it.

I'm guessing they'll start with passive, then if none get hacked, they'll start installing Adobe software and surfing the machines to crusty websites. Fri, 08 Feb 2008 16:34:00 GMT donotreply@osnews.com (Bounty) Comments Use 2 other operating systems as a baseline? http://osnews.com/thread?300044 http://osnews.com/thread?300044 How about they test 2 other operating systems as a baseline?

Say, Trusted Solaris and OpenVMS.

It would be interesting to see how older commercial grade operating systems compare aganst consumer grade systems. Fri, 08 Feb 2008 18:00:00 GMT donotreply@osnews.com (smilie) Comments RE: What? No BSDs? http://osnews.com/thread?300054 http://osnews.com/thread?300054 They really should include the BSDs as well.

I guess it'd make for a pretty uneven contest, though.
Good luck to anyone trying to break in to an OpenBSD system.... :-)

Linux guys..err... Sorry- GNU/Linux guys tend to ignore existence of superior operating systems til' their half assed servers got pwned multiple times in a row. Fri, 08 Feb 2008 19:14:00 GMT donotreply@osnews.com (antik) Comments RE[2]: Somewhat OT (was RE: Flavours?) http://osnews.com/thread?300060 http://osnews.com/thread?300060
Personally, when I am using an Ubuntu system, and I need to be root, I generally just use the command 'sudo su'.


If you want to change shells you may also do:

sudo zsh_or_other_choice -

And be the root user until you exit your shell of choice. Fri, 08 Feb 2008 20:03:00 GMT donotreply@osnews.com (glarepate) Comments