Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
Privacy, Security, Encryption "An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Thread beginning with comment 307101
To read all comments associated with this story, please click here.
Ubuntu wins
by tristan on Sat 29th Mar 2008 03:26 UTC
tristan
Member since:
2006-02-01

According to

http://dvlabs.tippingpoint.com/blog/2008/03/28/pwn-to-own-final-day...

the Vista laptop was eventually hacked after the Adobe Flash plugin was installed.

I've got to be honest, I'm surprised and *very* impressed that both Vista lasted this long, and that the eventual downfall of the Vista machine was caused by non-MS code. I'm even more impressed that Ubuntu (which doesn't run a firewall by default, and doesn't use SELinux) is still going.

Combine taht with the embarrassing result for Apple and the whole thing is really eye-opening.

Reply Score: 7

RE: Ubuntu wins
by Kokopelli on Sat 29th Mar 2008 21:53 in reply to "Ubuntu wins"
Kokopelli Member since:
2005-07-06

I've got to be honest, I'm surprised and *very* impressed that both Vista lasted this long, and that the eventual downfall of the Vista machine was caused by non-MS code.

Why are you surprised? I do not use Vista and am not particularly impressed with what I have seen of it but it has had a decent security record. Not outstanding, but quite decent, especially for Microsoft.

I'm even more impressed that Ubuntu (which doesn't run a firewall by default, and doesn't use SELinux) is still going.


Again why?
1) Ubuntu has no services listening on an external address by default. This somewhat limits the utility or need for a firewall.
2) SELinux is not a miracle cure acting as the only line of defense on a Linux system. Properly configured SELinux makes a system more secure, no argument there. But if all applications running on the system are patched and do not have known buffer overrun or privilege escalation vulnerabilities then a system without SELinux can still be quite secure. The dire security need for SELinux is predicated on there being exploitable vulnerabilities on a system and an attempt to be made to use the exploit.

The trend I have been seeing on SELinux going from being seen as a tool to increase security to people arguing that a system is not secure without it is bothersome. The absence of SElinux does not make a system inherently vulnerable to attack. SELinux makes a system which has an exploit in need of being patched less likely to be compromised. The key here is the application with the exploit should be patched in any case.

Reply Parent Score: 2

RE[2]: Ubuntu wins
by sbergman27 on Sat 29th Mar 2008 22:34 in reply to "RE: Ubuntu wins"
sbergman27 Member since:
2005-07-24

The trend I have been seeing on SELinux going from being seen as a tool to increase security to people arguing that a system is not secure without it is bothersome.


Hear! Hear!

I would have further described it as "damned irritating", as well. But you really hit the nail on the head, there.

Reply Parent Score: 2

RE: Ubuntu wins
by eggs on Mon 31st Mar 2008 05:44 in reply to "Ubuntu wins"
eggs Member since:
2006-01-23

Flash doesn't even come with Windows by default, so should that even count?

Reply Parent Score: 2