CanSecWest contest: Vista vs. Leopard vs. Ubuntu

Wiis, PlayStations, iPads, blogging platforms, Facebook and anything else worthy of buzz in the digital world.
Beer Moon
Forum God/Goddess
Posts: 2032
Joined: Mon Jan 17, 2005 7:08 pm
Contact:

CanSecWest contest: Vista vs. Leopard vs. Ubuntu

Postby Beer Moon » Fri Mar 28, 2008 9:16 am

Annual competition for $10,000 (plus the laptop you hacked).

Day 1, all three OS's remained unhackable - attacks allowed over a network only.

Day 2, hackers were allowed to have users open emails or visit webpages. Result:

Leopard went down in two minutes flat.

juanton
Forum God/Goddess
Posts: 2751
Joined: Mon Jul 21, 2003 3:24 pm
Contact:

Postby juanton » Fri Mar 28, 2008 10:16 am

I love this comment as it sums up my feelings about this and any similar sort of test:

"Point SIMPLY most hacks accure because of THE USER!!! opeing up emails, clicking on Free advertisments or going to bad web pages! (in our local paper Old people have been turning those email check scams, and Private shopper scams!"

Dude, give up the fight, it's a dumb one. Use what works best for you.

Wet_Pavement
Forum God/Goddess
Posts: 677
Joined: Thu Nov 23, 2006 6:40 am
Location: Madison
Contact:

Postby Wet_Pavement » Tue Apr 01, 2008 6:42 am

The story leaves out that Microsoft won't issue a patch for over a year while Apple will address it much more quickly.

Nick Berigan
Forum God/Goddess
Posts: 592
Joined: Thu Apr 03, 2003 5:12 pm
Contact:

Postby Nick Berigan » Tue Apr 01, 2008 7:32 am

Wet_Pavement wrote:The story leaves out that Microsoft won't issue a patch for over a year while Apple will address it much more quickly.


How do you "patch" the fact that the user opened an email? Do you flash the user's BIOS or something? If someone knows how to do that, I could really use that info.

Wet_Pavement
Forum God/Goddess
Posts: 677
Joined: Thu Nov 23, 2006 6:40 am
Location: Madison
Contact:

Postby Wet_Pavement » Tue Apr 01, 2008 8:13 am

The point is that Microsoft consistently waits a long, long, long time to fix security flaws.

And depending on the kind of attack used by the rogue website or the rogue email, yes they can be patched.

Beer Moon
Forum God/Goddess
Posts: 2032
Joined: Mon Jan 17, 2005 7:08 pm
Contact:

Postby Beer Moon » Tue Apr 01, 2008 5:04 pm

The point is neither OS has zero-day exploits that are easy to take advantage of - both made it to day 2.

Only Linux remained unhacked the entire time, and many said it was not due to the fact that it was impossible, simply that it was easier to get into Leopard and then Windows, compared to the coding required to exploit the Linux vulnerabilities.

Also, Windows is on a monthly patch release schedule - more frequent than some other much-less popular consumer OS company. They also release emergency patches when necessary.


Return to “Technology & Video Games”

Who is online

Users browsing this forum: No registered users and 2 guests