-
March 31st, 2008, 04:17 PM
#1
Linux: Last OS Standing
Vista second OS to fall to hackers in security contest - Ars Technica
After Mac OS X, Vista fell at PWN2OWN. Linux persevered, however...
Microsoft's Internet Explorer team should see this as a great accomplishment considering how poor IE6's security record has been. It looks like Vista's IE7 stood up to the challenge. Nevertheless, Vista's fall on the last day left the Sony Vaio laptop running Ubuntu as the ultimate winner—Linux was the last OS left standing.
Grats to Ubuntu!
-
March 31st, 2008, 04:40 PM
#2
I think the following reply to that article places everything in perspective:
RGMBill's comment
Vista was indeed "beaten" by a flaw in Flash.... but the people who exploited it said the flaw was in ALL versions of Flash, meaning that they had a choice of choosing the Vista laptop or the Ubuntu laptop, as the one they cracked, they kept (the Macbook was cracked the day before, and so wasn't in the running) ... the Vista laptop was a bit nicer and more expensive, so they went for it.
If the Linux laptop had been more valuable, they would have done the exploit via Linux. And then the headlines would say "Vista uncracked!" or some other, also misleading, title.
-
March 31st, 2008, 04:45 PM
#3
Interesting. Although I've started developing a personal hate for IE7 at this point for other reasons. I think this may highlight that a lot of vulnerabilities are no longer OS specific and that one shouldn't assume that just because it's not listed for your OS that you aren't vulnerable (until it's verified as such -- and even then, I'd be suspicious).
-
March 31st, 2008, 04:56 PM
#4
-
March 31st, 2008, 04:56 PM
#5
Yet another reason to keep Flash disabled, as if I needed one.
-
March 31st, 2008, 05:50 PM
#6
But then you can't watch Strong Bad!
Anyway, even though I'm mostly a UNIX-type OS user, I'm with Neg on this one too in that they could have gone for either OS. What they should have done afterwards was make an announcement and see if anyone could get either one without that.
Testing OS security using non-platform-specific exploits is kind of like saying my car is better because no one tossed a brick through the windows (pun!) like they do on Chevy cars.
That doesn't mean no one can break the Windows (Pun!!!!); it just means no one has unless I'm using special glass that can take a brick.
-
March 31st, 2008, 06:51 PM
#7
I don't even know what that is.
-
March 31st, 2008, 07:55 PM
#8
I agree with gore on this one... well, mostly. This is the bit that caught my attention:
all held out for the first day of the contest (remotely exploitable vulnerabilities), and so the rules were relaxed on the second day to also include any default installed client-side applications. This led to a quick compromise of Safari, and therefore of the MacBook Air laptop. Vista and Linux remained unscathed.
I think that it is reasonable to include default installations if you are looking at the average user vulnerability angle; but user chosen third party software is a totally different issue.
Actually the whole exercise strikes me as some sort of farce. The way I see it they had to move the goalposts twice and even then none of the OSes was actually compromised?
-
April 1st, 2008, 12:28 AM
#9
Ars Technica didn't have the whole story. The Register reported that Shane Macaulay, who hacked Vista in the contest, was initially thwarted by Vista's SP1, "which he had neglected to install when testing the Flash exploit in the days leading up to the contest. Per the contest rules, each target machine had to be fully patched, and when the researcher first ran the code during the competition, new page protections added by Microsoft's security team prevented the exploit from properly executing."
Macaulay fashioned some JavaScript to finish off the job. It is a bit of a farce, isn't it, but aren't all games? As for Ubuntu, it looks like security-by-obscurity has its place, albeit a minor one.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
April 1st, 2008, 02:37 AM
#10
Had they used Slackware we wouldn't be arguing to begin with; you have to install Flash manually with that normally.