Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
Privacy, Security, Encryption "An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Thread beginning with comment 307091
To read all comments associated with this story, please click here.
OS X security
by mind!dagger on Sat 29th Mar 2008 01:31 UTC
mind!dagger
Member since:
2007-06-26

Hurrah! OS X has achieved what Windows did many years ago.

My 13-year old son did the same thing last weekend while testing XP via VMWare on Linux. The Windows system was totally hosed within an hour via Internet Explorer.

I've known some, a very small group, of users who've ran their Windows boxes without being breeched. The same is for Linux, BSD and OS X users who are safe online.

Reply Score: 1

RE: OS X security
by werpu on Sat 29th Mar 2008 10:27 in reply to "OS X security"
werpu Member since:
2006-01-18

Your comment just shows a total misunderstanding of the article and the state of security in modern desktop operating systems.
XP can be hosed within seconds by simply exploiting its default security holes and open ports.
No wonder your kid hosed your machine, it was simply by letting it onto the net.

Whereas the article stated that none of the machines was compromised remotely, the first one being compromised over the net was the mac due to an unpatched safari security hole.

I agree with others that Vistas approach makes the most sense, they simply sandbox the browser which is probably the best approach you can do, every application which goes into the internet should be sandboxed, period!

Reply Parent Score: 2

RE[2]: OS X security
by mind!dagger on Sat 29th Mar 2008 16:42 in reply to "RE: OS X security"
mind!dagger Member since:
2007-06-26

Actually, my son wanted to validate what fellow Linux users were telling him about Windows security.

He followed the instructions at UbuntuGeek on setting up a VMWare server. Then he installed the original Win XP install CD that came with his Alienware box.

I suggested he go to a game emulator site. Sure enough, within minutes, his virtual XP instance was being set up to be remotely controlled.

After powering off and deleting the contaminated Windows container we booted up a clean-and-pristine backup and I showed him how to harden a Windows system.

He's been running Linux for well over a year now after learning how to install it on his own at 12. He was less than impressed with the POS called Windows XP.

Since I religiously monitor my internal network I can say that under normal Internet activities our Linux and OS X systems are rock solid. Even our lowly XP system has yet to be compromised due to extensive hardening and teaching the users to be safe.

Reply Parent Score: 2