The Event: CanSecWest’s PWN 2 OWN contest, Vancouver, Canada
The Contenders: Mac OS X Leopard, Microsoft’s Windows Vista, and Linux.
The Challenge: Compromise the OS
The Prize: $10,000 + laptop
The Winner: Charlie Miller
Apparently, the OS that’s safer by design is the first to get compromised, after the rules were relaxed a little bit. 2 minutes is all it took, according to a report in InfoWorld (yes, still one of my favorite tech news sources). Excerpt:
Contest rules state that Miller could only take advantage of software that was pre-installed on the Mac, so the flaw he exploited must have been accessible, or possibly inside, Apple’s Safari browser.
And:
Shane Macaulay, who was Dai Zovi’s co-winner last year, spent much of Thursday trying to hack into the Fujitsu Vista laptop, at one point rushing back to his Vancouver area home to retrieve a file that he thought might help him hack into the system.
But it was all in vain.
More in “Gone in 2 minutes: Mac gets hacked first in contest” on InfoWorld.com.
This comes a little over a week after Apple released what is labeled a massive patch, a monster patch, a mega-update, or a mega-monster security update by the media (Yes, that makes me feel like Jon Stewart now). The patch contains 90 fixes according to these reports.
Last year’s contest winner, Dino Dai Zovi, exploited a vulnerability in Apple’s QuickTime to take home the prize.
Gloat not, Windows Vista and Linux. You are expected to be hacked by today, and when that happens, it will be further proof that vulnerabilities exist in all systems. That’s the nature of software. When it comes to millions of lines of code, “bug-free” and “vulnerability-free” software is a myth. What really matters is how easily these can be exploited and how quickly the vendor responds and releases patches to fix vulnerabilities.
As far as Windows Vista is concerned, it has an enviable track record so far.
1 comment:
Vista does have an enviable track record, as displayed in the fact that once people updated to it, they immediately ran screaming for XP. Nice job MS.