Vista falls - Linux “pwns” this year’s CanSecWest

Posted March 30, 2008 at 09:37 PM by Mark Pascua

Section: Computers, Security, Software / Applications

After three days of Hack-a-thon, one victor remains standing after CanSecWest’s PWN 2 OWN competition, a Sony Vaio running Ubuntu Linux.

On Thursday, the MacBook Air fell under the hands of Charlie Miller, who pocketed $10,000 and left two other machines still standing: a Fujitsu U810 running Windows Vista SP1 and a Sony VAIO with Ubuntu. After another day and relaxation of the rules, the U810 was conquered by Shane Macaulay, of Security Objectives, by using a flaw in Adobe’s Flash. If “Shane Macaulay” sounds familiar to you, that’s because he was on Dino Dai Zovi’s team when they hacked the MacBook Pro at last year’s CanSecWest.

The contest began on Wednesday, which limited the “players” to network OS-specific attacks. However, after an unsuccessful first day, the rules had to be relaxed on Thursday, which resulted in the MacBook’s two minute compromise via a Safari hole. On Friday, the third and final day, the rules were further softened allowing the contestants to utilize any “popular” software exploit to hack the remaining machines. Seven hours later, Macaulay and his team took control of the Fujitsu latop. 

The original prize for successfully hacking a machine was $20,000; which was halved each day as the contest continued and the rules were softened. Macaulay was awarded $5,000 from the contest’s sponsor, 3Com’s TippingPoint.  A nondisclosure agreement has been signed, preventing the details of the flaw from being revealed. Until TippingPoint has disclosed the details of the vulnerabilities to Apple and Adobe, the exploits will remain secret.

Several contestants did try their hand at the Linux box, but no one succeeded. So, Linux remains safe for another year—open source and Tux FTW!

Read [CNET News]