/NEWSFORUMSOFTWARE TOOLSMERCHANDISEADVERTISECONTACT
mods:ext modsint modslighting modsperipheral modssw modsmisc modstechniques
Ubuntu wins CanSecWest Hack Off
Written by Chris Tangora   
Saturday, 29 March 2008
cansecwest.jpgThe winners and losers in the CanSecWest zero day hack contest are in.  The winner is Ubuntu, as it was the only OS who did not fall to hackers.  The losers are Apple OS X.5.2, Safari, Windows Vista SP 1 and Adobe Flash.  The Windows Vista laptop went down after Adobe Flash Player was installed.  The interesting part is that nobody has reported how long it took the winning team to take over the Windows machine once Flash was installed.  Just seems like media hype now about the "2 minutes" to get into the MacBook Air.

But the big news is Ubuntu.  The open source operating system has shown it can handle it's own in the world of security.  No word on what the Adobe Flash vulnerability is, but it must be OS specific, as the Ubuntu could have had Flash instaled also.  Zero Day viruses and bugs will always be there, so the story isn't as much which OS went down first.  The big question now is, who will fix their bugs first?  I'm assuming that Microsoft will be notified about the bug as well as Adobe, and Apple has a one day head start.  Can the Apple fix be fast enough to make it's way into the 10.5.3 update?

Lots of questions, but we'll have to wait for the answers.

Tipping Point Blog for PWN to OWN contest




Comments (7)
01-04-2008 09:35
 
I find it incredibly lame that it was within the rules of the contest that the exploiter could instruct someone sitting at the computer to visit a maliciously crafted Web site. I thought the whole point was to get control of the machine without having to interact with the user (apparently I didn't read that part of the rules). The results of the Day 2 round of the contest speak less about the overall security of the machines tested and more about how easy it is to p0wn a gullible user's machine, which is not a groundbreaking new insight by a long shot.
Registered
  
31-03-2008 10:47
 
Don't forget that no known or existing vulnerabilities were allowed in the contest. This was a true Zero Day attack. 
 
It says nothing about overall security, as there are vulnerabilities that are still open for both Leopard and Vista.
Registered
  
31-03-2008 09:47
 
Yep. Vista Sux.
Guest
  
Randy
30-03-2008 22:02
 
Chan, according to the TippingPoint blog, Vista was won "after it was installed with the latest version of Adobe Flash."
Guest
  
Malaz
30-03-2008 19:42
 
Hmm, I thought that the Vista lost because of a Java problem (which was not OS specific)?
Guest
  
Chan
30-03-2008 13:29
 
Not really, Clifford - that's one of the reasons I started using linux, too!
Guest
  
Jon
29-03-2008 22:49
 
Linux is sweet succulent security. I started using it because I kind of felt bad about breaking so many copyright laws by pirating software. Pretty funny now that I think about it.
Guest
  
Clifford

Write Comment

Name:
Comment:

Code:* Code
I wish to be contacted by email regarding additional comments
 
< Prev   Next >
Copyright © 2002 - Present.  MacMod.com.  All rights reserved.  Privacy Policy.  Terms & Conditions.  Designed & Powered by Ackoo.