Linked by Thom Holwerda on Fri 28th Mar 2008 20:39 UTC, submitted by irbis
"An Apple Mac was the first victim in a hacker shoot-out to determine which operating system is the most secure. A former US National Security Agency employee has trousered USD 10000 for breaking into a MacBook Air at CanSecWest security conference's PWN 2 OWN hacking contest. The MacBook was lined up against Linux and Vista PCs - which have so far remained uncracked. Nobody was able to hack into the systems on the first day of the contest when contestants were only allowed to attack the computers over the network, but yesterday the rules were relaxed so that attackers could direct contest organisers using the computers to do things like visit websites or open email messages. The MacBook was the only system to be hacked by Thursday. Miller didn't need much time. He quickly directed the contest's organisers to visit a website that contained his exploit code, which then allowed him to seize control of the computer, as about 20 onlookers cheered him on. He was the first contestant to attempt an attack on any of the systems." There is more bad news for Apple: "If you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." Update: The contest is over. Vista got hacked using Adobe's Flash, Ubuntu was left standing.
Thread beginning with comment 307302
To view parent comment, click here.
To read all comments associated with this story, please click here.
To view parent comment, click here.
To read all comments associated with this story, please click here.
Recent Original Stories
Recent Comments
Headlines
Random Comments
Random Stories
Random OS Link
Member since:
2006-09-27
Uh... you are aware that if an Linux distro were so ill advised as to do this it would break many things? The idea is only root should be able to open privileged ports.
Well, I was assuming some firewall beyond iptables (something like firestarter) was present. I don't know how much safer it makes the system, but I tend to use them. It doesn't come by default in Ubuntu, though.
" Privilege escalation is an issue in Linux as well (as discussed in the "fakesudo" thread in Ubuntu forums),
This has nothing to do with privilege escalation. this is malware.
"
Right, maybe my usage of "privilege escalation" was incorrect, but "malware" is too general. What I meant is dialog spoofing and similar strategies, where you first control the user account and then get the root password from the user input. That's what the fakesudo thread was about.
It in theory will stop some privilege escalation attacks, but not all. In general setting up your system like that would be too inconvenient for most normal users (especially of OS X).
I've been using this setup for a few months in Linux.I expected OSX to have something more convenient and about as safe. I haven't heard of a better way to avoid dialog spoofing attacks, but I'm open to suggestions.