cansecwest vista We wrote about the CanSecWest conference last week when the hacking contest was on its second day. The second day consisted of stock configurations along with browsers and some mail applications. That’s when the MacBook Air laptop was hacked in in about 2 minutes utilizing a Safari vulnerability that Apple has now been notified of.

On the third day widely used plugin frameworks (Silverlight, Flash, etc…), instant messengers, and more were all installed on the machines. After several hours of working at it Shane Macaulay managed to tiptoe his way into the Vista machine using an Adobe Flash vulnerability. As a result of his efforts he is taking home that computer, and gets a prize of $5,000. Not to shabby.

So that leaves Ubuntu Linux standing alone as the only unhacked computer among the three operating systems. Not to takeaway from Ubuntu’s win, but there are some things that you should consider before drawing any conclusions:

  • Technically it wasn’t really Microsoft’s fault that the machine was hacked since Adobe is the one who creates Flash. The MacBook Air vulnerability, on the other hand, was in the Safari browser which ships on all Apple computers.
  • One of the rules of the contest is that you “can’t use the same vulnerability to claim more than one box, if it is a cross-platform issue.” Adobe does make Flash for Linux and Mac’s, but there was no mention as to whether the vulnerability used to attack the Windows machine was actually a cross-platform bug. Similarly if Safari was installed on the Windows machine would it have been subjected to the same vulnerability that brought the MacBook Air to its knees?

There Are 3 Comments

  1. Wahooo…well sorta. It was a good contest and really shows how secure Vista is on a stock installation, that is really good on Microsoft’s end. All in all we know which system is secure out of the box and which isn’t for now. Good contest, and the price is pretty good as well. 8)

  2. Mohan wrote:
    Wahooo…well sorta. It was a good contest and really shows how secure Vista is on a stock installation, that is really good on Microsoft’s end. All in all we know which system is secure out of the box and which isn’t for now. Good contest, and the price is pretty good as well. 8)

    This is really one of my favorite contests because it’s interesting to see what computer goes down first. I was pretty impressed that Vista withstood the pressure under the stock configuration as well, and Ubuntu definitely deserves a round of applause too.

  3. Ryan wrote:
    Mohan wrote:
    Wahooo…well sorta. It was a good contest and really shows how secure Vista is on a stock installation, that is really good on Microsoft’s end. All in all we know which system is secure out of the box and which isn’t for now. Good contest, and the price is pretty good as well. 8)

    This is really one of my favorite contests because it’s interesting to see what computer goes down first. I was pretty impressed that Vista withstood the pressure under the stock configuration as well, and Ubuntu definitely deserves a round of applause too.

    If I were Microsoft I would use this for their advantage and market how secure their OS is…in stock configuration of course.
    ;)

Leave Your Comment


Message is the only required field.
Emails are not published.