Linked by Thom Holwerda on Thu 3rd Apr 2008 19:59 UTC, submitted by daedalus8
People shouldn't read anything into the fact that of the three laptops set up for last week's 'PWN to OWN' hack challenge, the only one left standing was running Linux, said the security expert who oversaw the contest. "There was just no interest in Ubuntu," said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint subsidiary, which put up the cash prizes awarded at the contest last week at CanSecWest. "A contest such as this is not a measure of relative security between operating systems. It's not an accurate barometer."
Thread beginning with comment 307929
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:2005-07-06
one reason for the mac going first could be in the way the contest was set up.
day 1, only the os and base apps, with latest patches applied. only remote attacks allowed (open ports and that kind of stuff). here none got hacked.
day 2, user assisted attacks, like a email or web page being opened. here osx got hacked via safari.
day 3, popular apps and similar added to the day 2 requirements. here vista got hacked via flash.
the impression i have was that they could have taken ubuntu at day 3, but vista was a easier target. low hanging fruit and all that...
Member since:2005-09-14
Member since:2006-01-23
""It was actually a lack of interest" on the part of the PWN to OWN contestants, Forslof said. "[Shane Macaulay's] exploit would have worked on Linux. He could have knocked it over. But [the contestants] get a lot more mileage out of attacks on the Mac or Windows," she continued.
IMO, an extension of this statement/logic is that you get the most mileage out of the most widely used OS. Therefore:
* You get the most mileage out of a Windows attack.
* You get the next most mileage out of a Mac OS X attack.
* You get the next most mileage out of an Ubuntu attack.
The results don't reflect that, though. The Mac was pwned first, and the Vista box second. Ubuntu didn't get cracked, in spite of incentives to do so ($$).
I'm not sure exactly what this means, and it's certainly possible Ubuntu could have been cracked just as easily as Vista, but the quoted "explanation" seems shaky to me. "
You may not get the most out of attacking Mac OS X first but you shock the fanatics and really upset them once you're successful. It's worth more than money.
It's likely that there was some pride involved in not attacking the Ubuntu machine.
Member since:2005-07-07
Member since:2006-06-15
You may not get the most out of attacking Mac OS X first but you shock the fanatics and really upset them once you're successful. It's worth more than money.
It's likely that there was some pride involved in not attacking the Ubuntu machine.
It's likely that there was some pride involved in not attacking the Ubuntu machine.
Since the flaws found in any of the OS would be forwarded for a fix, I'd say every Linux-loving person would want to hack the Ubuntu machine to improve the OS. Especially if at the same time you can slap Adobe in the face for endangering Linux's security with a badly coded Flash (and Flash _is_ really an eyesore for every Linux user).
I'd also say that nobody's really going to get a rep cracking Visa (right or wrong, it's Windows' reputation that even a newbie can crack it by following a few simple explanations). And you'd make more money by cracking Ubuntu, getting the cash and the pride, then selling whatever cracks you have for Vista).
And am I the only one not believing that even without the Flash crack there would be many other options to crack Windows or Ubuntu? Only thing we now it that nobody was able to crack the Ubuntu machine for the rest of the day.
Or were there only two decent hackers, and the other ones were there just for show?
Edited 2008-04-04 18:35 UTC
Member since:
2007-02-26
IMO, an extension of this statement/logic is that you get the most mileage out of the most widely used OS. Therefore:
* You get the most mileage out of a Windows attack.
* You get the next most mileage out of a Mac OS X attack.
* You get the next most mileage out of an Ubuntu attack.
The results don't reflect that, though. The Mac was pwned first, and the Vista box second. Ubuntu didn't get cracked, in spite of incentives to do so ($$).
I'm not sure exactly what this means, and it's certainly possible Ubuntu could have been cracked just as easily as Vista, but the quoted "explanation" seems shaky to me.