Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
Privacy, Security, Encryption

"An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple."

Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Thread beginning with comment 307135
RE[2]: Comment by apoclypse
by sbergman27 on Sat 29th Mar 2008 15:08 UTC in reply to "RE: Comment by apoclypse"
sbergman27 Member since:
2005-07-24

I don't agree. Just have a look at the release notes of the upcoming 8.04 release:


FWIW, the claims that Ubuntu is not security conscious mainly seem to be coming from the "SELinux is the one true security framework" camp.

I would be interested in seeing a contest like this conducted between various Linux distros. (Obviously, the contest would have to run a lot longer than this one that included easier targets, like MacOSX and Windows.) But I'd like to see if the claims made by the Fedora camp (which I more or less consider to be my distro of choice) are valid, or just a bunch of smoke.

On the topic of firewalls, it is true that Ubuntu does not run one by default. But it also has no services listening on any ports, by default. IIRC, while Fedora has a firewall by default, the SSH service is running, and port 22 is open by default, giving Ubuntu the security edge, overall, on that front.

Reply Parent Score: 2

RE[3]: Comment by apoclypse
by SlackerJack on Sat 29th Mar 2008 16:34 in reply to "RE[2]: Comment by apoclypse"
SlackerJack Member since:
2005-11-12

It's simply not true that Ubuntu doesn't have a firewall enabled by default, it's called IPtables. Hardy has all ports stealthed by default but I'm not sure about Gutsy. I just had all my ports scanned and they are all stealthed from 0-1055 in a default Hardy install.

Reply Parent Score: 1

RE[4]: Comment by apoclypse
by sbergman27 on Sat 29th Mar 2008 17:09 in reply to "RE[3]: Comment by apoclypse"
sbergman27 Member since:
2005-07-24

"It's simply not true that Ubuntu doesn't have a firewall enabled by default, it's called IPtables."

That would be a new feature of Hardy, then. I ran a Hardy development release for a while on my laptop a couple of months ago, and didn't notice. But I believe I did an in-place upgrade.

But as I indicated, there have never been any ports listening by default on an Ubuntu install. And so, as Spock would say, a difference which makes no difference is no difference.

Edited 2008-03-29 17:15 UTC

Reply Parent Score: 3