Linked by Thom Holwerda on Sun 30th Mar 2008 20:35 UTC
Privacy, Security, Encryption

As you surely know by now, the CanSecWest conference was the stage for a contest, PWN to OWN. Three laptops were set up, running Windows Vista, Ubuntu Linux, and Mac OS X. The goal was to hack the computer and read the contents of a file located on each of the machines, using a 0day code execution vulnerability. On the first day, the machines could only be attacked over the network, without physical access. On the second day, user interaction came into play (visiting a website, opening an email). On the third and final day, third-party applications were added to the mix. Each machine had the same cash prize on its head. As you all know, the Mac was hacked first, on day two: the user only had to visit a website. Vista got hacked on the third day using a security hole in Adobe's Flash, and the Ubuntu machine did not get hacked at all. Update: Roughly Drafted responds.
Thread beginning with comment 307288
A competition is not a study.
by Michael on Sun 30th Mar 2008 22:42 UTC
Michael Member since: 2005-07-01

The problem with this whole contest is in the way it gets reported. I'm not sure what it's designed to achieve, but all it should do is highlight the importance of security. It is by no means guaranteed to accurately reflect the state of security in each of the three OSs.

The order of victories is certainly interesting and reflects a factor of computer security. Trouble is, the press report it like it's the definition of security. And if they don't, the fanboys will. Cue blogwar.

I still say no article with "Top X" (for any value of X) in the title is of any importance and the people who read them only have themselves to blame.

Kokopelli Member since: 2005-07-06

This was a competition. It does not show which OS is more secure and I do not think CanSecWest ever implied that this was the case. The purpose of the competition was to get some exploits reported and fixed.

All it means is that someone had a flaw ready for Safari and Adobe Flash but not for anything on the default install of Ubuntu. No more, no less.

Score: 4

google_ninja Member since: 2006-02-05

The blogosphere really isn't all that better than the MSM when it comes to sensationalistic BS.

Score: 3