Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
Privacy, Security, Encryption

"An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple."

Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Comment by hhas
by hhas on Fri 28th Mar 2008 22:58 UTC

Unfortunately, this sort of thing is going to continue until consumer OSes approach system security the same way as they treat stability, and enforce it at the per-process - or even per-object - level.

The current 'fortress wall' security model may be fine for server OSes, where experienced sysadmins are expected to earn their pay constantly manning the outer defences against any hostile intrusion. It's utterly inadequate for end-user systems, however, where (like it or not) most anything goes. Compromised processes are inevitable in such uncontrolled environments; the only question is whether or not they take the rest of the system down when they go.

Apple and Microsoft dealt with the inherent stability problems of OS9 and Win98 by introducing true per-process memory protection. It's about time they applied the same approach to security as well.

Reply Score: 2

RE: Comment by hhas
by hobgoblin on Sun 30th Mar 2008 00:08 in reply to "Comment by hhas"

I suspect it needs to go deep, hardware deep...

Reply Parent Score: 2