Linux: Last OS Standing
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Linux: Last OS Standing

  1. #1
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    Linux: Last OS Standing

    Vista second OS to fall to hackers in security contest - Ars Technica

    After Mac OS X, Vista fell at PWN2OWN. Linux persevered, however...

    Microsoft's Internet Explorer team should see this as a great accomplishment considering how poor IE6's security record has been. It looks like Vista's IE7 stood up to the challenge. Nevertheless, Vista's fall on the last day left the Sony Vaio laptop running Ubuntu as the ultimate winner—Linux was the last OS left standing.
    Grats to Ubuntu!

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,429
    I think the following reply to that article places everything in perspective:

    RGMBill's comment
    Vista was indeed "beaten" by a flaw in Flash.... but the people who exploited it said the flaw was in ALL versions of Flash, meaning that they had a choice of choosing the Vista laptop or the Ubuntu laptop, as the one they cracked, they kept (the Macbook was cracked the day before, and so wasn't in the running) ... the Vista laptop was a bit nicer and more expensive, so they went for it.

    If the Linux laptop had been more valuable, they would have done the exploit via Linux. And then the headlines would say "Vista uncracked!" or some other, also misleading, title.

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,324
    Interesting. Although I've started developing a personal hate for IE7 at this point for other reasons. I think this may highlight that a lot of vulnerabilities are no longer OS specific and that one shouldn't assume that just because it's not listed for your OS that you aren't vulnerable (until it's verified as such -- and even then, I'd be suspicious).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Good find, Neg. Thanks!

  5. #5
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    Yet another reason to keep flash disabled, as if I needed one.

  6. #6
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    But then you can't watch Strong Bad !



    anyway, even though I'm mostly a UNIX type OS user, I'm with Neg on this one too in that they could have gone for either OS. What they should have done afterwards was make an announcement and see if anyone could get either one without that.

    Testing OS security using non platform specific exploits is kind of like saying my car is better because no one tossed a brick through the windows (pun!) like they do on Chevy cars.

    That doesn't mean no one can break the Windows (Pun!!!!) it just means no one has unless I'm using special glass that can take a brick.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  7. #7
    Senior Member JPnyc's Avatar
    Join Date
    Jan 2005
    Posts
    2,734
    I don't even know what that is.

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    I agree with gore on this one.............well mostly. This is the bit that caught my attention:

    all held out for the first day of the contest (remotely exploitable vulnerabilities), and so the rules were relaxed on the second day to also include any default installed client-side applications. This led to a quick compromise of Safari, and therefore of the MacBook Air laptop. Vista and Linux remained unscathed.
    I think that it is reasonable to include default installations if you are looking at the average user vulnerability angle; but user chosen third party software is a totally different issue.

    Actually the whole exercise strikes me as some sort of farce. The way I see it they had to move the goalposts twice and even then none of the OSes was actually compromised?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Arstechnica didn't have the whole story. The Register reported Shane Macaulay, who hacked Vista in the contest, was initially thwarted by Vista's SP1, "which he had neglected to install when testing the Flash exploit in the days leading up to the contest. Per the contest rules, each target machine had to be fully patched, and when the researcher first ran the code during the competition, new page protections added by Microsoft's security team prevented the exploit from properly executing."

    Macaulay fashioned some javascript to finish off the job. It is a bit of a farce, isn't it, but aren't all games? As for Ubuntu, it looks like security-by-obscurity has its place, albeit a minor one.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Had they used Slackware we wouldn't be arguing to begin with, you have to install flash manually with that normally.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Similar Threads

  1. suse is crap on finding cdrom
    By rajunpl in forum Operating Systems
    Replies: 43
    Last Post: July 1st, 2004, 08:30 AM
  2. Is Torvalds really the Father of Linux?
    By MrLinus in forum Cosmos
    Replies: 11
    Last Post: May 24th, 2004, 10:52 PM
  3. Fork in Linux Road?
    By NullDevice in forum Operating Systems
    Replies: 1
    Last Post: April 13th, 2004, 09:38 PM
  4. Linux: Cheap chic for computer fashionistas
    By xmaddness in forum *nix Security Discussions
    Replies: 6
    Last Post: August 26th, 2002, 11:18 PM
  5. Installing Linux
    By Rewandythal in forum Other Tutorials Forum
    Replies: 5
    Last Post: December 12th, 2001, 09:29 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •