Star 'Linux Ignored, Not Immune,' Says Hacker Contest Sponsor
Linked by Thom Holwerda on Thu 3rd Apr 2008 19:59 UTC, submitted by daedalus8
Privacy, Security, Encryption People shouldn't read anything into the fact that of the three laptops set up for last week's 'PWN to OWN' hack challenge, the only one left standing was running Linux, said the security expert who oversaw the contest. "There was just no interest in Ubuntu," said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint subsidiary, which put up the cash prizes awarded at the contest last week at CanSecWest. "A contest such as this is not a measure of relative security between operating systems. It's not an accurate barometer."
E-mail Print r 1   52 Comment(s) http://osne.ws/f3n
Thread beginning with comment 307961
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by anomie
by hobgoblin on Thu 3rd Apr 2008 22:27 UTC in reply to "Comment by anomie"
hobgoblin
Member since:
2005-07-06

one reason for the mac going first could be in the way the contest was set up.

day 1, only the os and base apps, with latest patches applied. only remote attacks allowed (open ports and that kind of stuff). here none got hacked.

day 2, user assisted attacks, like a email or web page being opened. here osx got hacked via safari.

day 3, popular apps and similar added to the day 2 requirements. here vista got hacked via flash.

the impression i have was that they could have taken ubuntu at day 3, but vista was a easier target. low hanging fruit and all that...

Reply Parent Bookmark Score: 6

RE[2]: Comment by anomie
by jlarocco on Fri 4th Apr 2008 01:38 in reply to "RE: Comment by anomie"
jlarocco Member since:
2005-09-14

Am I the only person who doesn't get the point of stages 2 and 3?

They seem to depend on the user doing stupid things. If you're counting on the user being stupid, it doesn't matter which OS you go for.

Reply Parent Bookmark Score: 3

RE[3]: Comment by anomie
by PlatformAgnostic on Fri 4th Apr 2008 05:49 in reply to "RE[2]: Comment by anomie"
PlatformAgnostic Member since:
2006-01-02

It's not that stupid to click on a link, or to have Flash installed. The link might come from a blog comment or an email. The SWF file might come in an advertisement or off of an innocent-looking link.

Application bugs can be real security vulnerabilities, just like OS bugs. Especially when the application is extremely widespread, like Safari or Flash.

Reply Parent Bookmark Score: 5