Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Hacking Contest Pits MacBook Air Against Vista, Ubuntu



 By: Ryan Naraine
2008-02-22
Article Rating:starstarstarstarstar / 44


There are 11 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
CanSecWest organizers are urging hackers to fire code execution exploits at the three biggest desktop operating systems.

Organizers of the annual CanSecWest security conference have expanded the PWN 2 OWN hacking contest to pit fully patched laptops running Mac OS X, Windows Vista and Ubuntu against some of the world's smartest hackers.

Last year, the contest was aimed specifically at two MacBook Pro machines and was won by Dino Dai Zovi, a New York-based researcher who exploited a QuickTime zero-day vulnerability.

This year, CanSecWest organizer Dragos Ruiu says there will be three targets: A MacBook Air, running the latest OS X, fully patched with typical configuration; A Sony VAIO VGN-TZ37CNB, running Ubuntu, latest release; and a Fujitsu U810, with a fully patched Windows Vista installation.
Resource Library:

"The victory conditions will be the contents of specific, specially planted files on each system, to be extracted by winners," Ruiu said.

The hacker who successfully takes control of any of the machines gets to keep the laptop and any associated prizes for the exploits used, he explained.

At last year's conference, TippingPoint's Zero Day Initiative added a $10,000 cash bounty to the pot that was eventually won by Dai Zovi.

This year, the attack surface will be widened to include some of the most commonly used desktop applications.

For example, an attacker can find and exploit holes in the three main browsersInternet Explorer, Mozilla and Safarior vulnerabilities in mail clients like Microsoft Outlook, Apple's Mail.app or Mozilla Thunderbird.

It will also include instant messaging clients like Skype, MSN Messenger, Adium or Pidgin. "They are all in scope," Ruiu said.

Ronald Dodge, associate dean, information and education technology at the United States Military Academy, will serve as the judge for the contest.





  Reader Comments: Hacking Contest Pits MacBook Air Against Vista, Ubuntu
>>> Post your comment now!
Lesson: Nobody is Secure
I love these exercises because it teaches that none of these systems is actually secure. The general public is blind to threats to their security...
Posted At: 05-06-08
By: John
give Vista the boot
I'm curious how you switched from Vista to XP. I was told the only way was to have Vista Business installed, which could be uninstalled. and then a...
Posted At: 05-05-08
By: Anonymous
A user comment on this article
I'm sure any of these Os's can be hacked.. oh hhmm just about forgot, Linux is not an OS, but a kernel, but still it can be breached, seeing that...
Posted At: 04-27-08
By: kyelite
bit flippin
All that is needed is to flip the correct bit and crash goes the box! ON the security side it goes to show physical access is everything. yes with...
Posted At: 02-29-08
By: SirJames
Vista Oiy
I have New Lenovo Desktop with Vista Home Basic and it is pain in the A***, Same Machine with Ubuntu 7.10 runs like Lightning!!. Vista is constantly...
Posted At: 02-26-08
By: Uncle Sam
XP SP3 runs like a dream!
I don't know how it would compare security-wise,but it does add plenty of new security features like black hole router detection. What I can tell you...
Posted At: 02-25-08
By: kb
Why isn't XP SP3 included?
I'm interested in how the new XP path SP3 would do also. I'm hearing that it's superior to Vista in many ways.
Posted At: 02-25-08
By: D. Chase
>>> Post your comment now!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 



x}ks㶲*Q3CiJؖIm"!1E=N6~bvKJcLٖhݍF|Gλ$i9cr3ݩkj΢.w߽ !d[f8iTE[ ]ߤ~Am;t =4mFNHB~}@~sf*wD!H/ԎTa@]2x6;k:&o4veki cߨ_[&``1Z|R j9iݑ |i @I>R(CѺQQy_IږyH6EGJ+ߣ"C7 ݩHrW2X^DP~FDM:ǎ-4rwN̚<3τPcwҴv[P;E{QUh /B1r!f-{4ɿTݱ[ L=iLVC;%0ýtf?Dk> NR#ZSˆ辥{$)5< \g4QL1H6}~8IZ Q 68Q)K?GN8CEnڏe[پtwgy@ffbt9a&ԃ P2zhNt(`_dY7;Ͱ-P6CM-ZMQKJ]ٯ:E}`[쫅S who>;W*)Jw9*C[wn-ua(.:^O.ac'H H_L Z.JT:( Ԙ8rg`rM7Jqq+~)ڡVR]jF[V@a`%pfQUriO'sK߾ڤ>>;O}b)̠VPAf`WKe`9=y\toz{MNڟ;w:Rڟ+̪ok*~k! /x_6~b M u ôWuI-Gf{r&j]}::$7cY>韐/ !}_w nr@ i/],Kj,nHˤdL2Tc]NjoNX ^YK7B) u%u(7>hr Q@e)#8?݇IhJq䨉k>ذ 1"%hy啋,}Et"A)O%ތ1E|r'yfRB(&pHqbgd{Ӱerq}\oV͉2]X]uUjoE?t_wθyn?]OH{⧋vІ)ICsEhYf7wI9qI}sQV_[ %kPQ/Q G'&-d`q86acJݤ#}fE=𾾟AAӧIz>56R#Gst$AG61^zK ucb>'ݸäWX(}Zc3{QKW4Кk:FAтMtT;n]`2Zw9ܻ-L&wzt#` VGPC!]7$> (d@+9=P_)qmNl}h`1 >5g%G@i0x1C.O)))?]HPw9DJ B!B0H`P, a\.y"M':ݱ;P}sGe-n^ d6gF2LYG0-&D7rb.G E_-Muc{s_9Դziڛ,Â%bi]yfm,`bD$%\Ew,Ofwq=7cBCD ݜZ,'1!&B~aZ&4" 7qYlEA\'1nuC\f{aMr"Vv6P0*FSMzF9;m9\Лvs9n$!+xWY 2gdRUͳqtʝ+PXZ2n2>=MO%XScX`D~wzb0qm/n)NaV|\t\g˪rKfYU{-UWv/KƠ\?ouriO,ohm_¼xeP4@VRkϥ%2=6PCD6"CzچxTX5:m ,_&TYW+@-ZYSj2ej-[`B]PeܠQ@5%X3PQ[ lx kuPCߵ |#7=dsgH>:`(e!\o N( >Aװ DؚZSS{<`m1Jx>hx# d\6,[b)0#Všk?L=Kwaﴽ.J-.lFd>n 'L[QHz{%1͉V*a0Y6؋T,a?7:HycI_)+%UMH&[b"ud\6˰@\kOa3<(yRrf!9֐˅Q4$\* ؕGQ~Pc6ư5wpH} [Lݡ \wlSIB=O Oքk&.D:#DA#Ez . ZA Џ0BrIaj H"*U H`mR@;kRUtC ^qv WJI:Nd=j|tǜ}h3ʋ2 YΣEVJjB =5jZ͎=>YP2~2j&8x_? p+zM85hN(vo?SMK\}O>yN '-h'^)0ZN +u\NS!4dP.Q95f> S#<~Ɋ0 ClWõX1 pWPV:LuOi?!GF lʂu!MU~tzVE@ GzCH '`QtEa*NiBHYZX9i h5f~+ˣ ,ć{i#f MaFž.nJ^+=4xAs‡1ክ54f;NV'wjO6Jh)VXS!RW dĞe~g'QyϤ͋h3|5y@mvgfӏ6=_`t mAؙY%7CuitLeb`l "Z`|iY`&c1 s*? |l3pڳ `Mɧb_k`p1\EAn#>ҍۙ'yUcү|m*,n1}a%[ŜQx` fzlhLi7J}MVJȅe#uL!ٯԾ=bH%~w9@` |RQzt>#`t>9kۻBlpI75 SXx|{ KPHe, ,"zдr3=<f(V*UX㘘ٽ ՔݷS( @/I6\CnU]uv1g f[i)3(+Ees?; %mcv/is0#ёnt/x01vY?&`;/4.š?K˓HsGQ9g!K1rCE1>dt+]=^NN:k^aOQ區҈FU~Bh]\/~wϻ!9\tx`.'! upy@!hWHv::b3hmƛ&%c֗5!g<72lzA q^9`\\h5c-ͅH'“S&aDu0aZ,m8tǠQC~kL?ffc: M"IQU֭EdU)I=Y)'Ó?8Lb`@L6#Gz f}#uo/o=إ ֛MYzJ cܺ Bvo$6}E;-|uREBN]_`hAxZWrы0æHMG#ͺ,L3ZNh 9:8RJĻQBsFA! !i$b uVGons2Ͼl&yb@L}Hu[Ia!ݸm9B@8g#ymFڦLS~<ӈ=Hn(lﺣD-_S~H#, @5qұV[& @8-M8՜%x)z)LܶVWg)U^S[kpf9@{O7م:ރSoz`a 0| ^3=<)ۂͭooU1U_ȼb5 #ZJ_Dct{Z: zR+Ft ٮJ} '=EY g; |ZZW& " 5&HīOO%YDҥȊ[j/U*e];b^)5XYsV GuWA+e.&]'W2O#@877,! l^v|%F-7F! NyHbե{ʑI(,aׅ CZga<ge 軄gRGWx/M2O!c30 R l*Tw$^䯢U V%ԟaG}nǶI B@>ց,@b,%ZxEUD{"Y?n{h67(@W_V/;j^vn\_Ji,Ρ7J]h+x'|nVa~=o j|ԋO'X06K[E"vkzo1mARǛ>hq~a95 t H"!HD@ģ7?zRz4Oʱ]ڳã^k'vaq 73gxrY+3r=ks,ڳLxH*|)pHoE1HY3~cȰ5mkoi^h9݅Z _f9 -Qr,Z"?3Hn>ҷv5陯T/A]6MQbχm8aOkKW1ˊ҃jnaB"I@pXD"Kb^y6$ۉJڟy`Qre;SiQ@ WC! By58QnnS=8yu B]EP>yY@#zmx:dh|/dSz0.AaNgѹ(|Pu* v\X!ᗃXsu޷vz̳L r\[XyM$ˏc,> ztowwv]gOi8ε7 d5y4컃Ҟ_F5ڑO}K{;"y0Z=_ 'ʲatna1Y#;ЋdooPCGcyũn.۶/[͆q{Q#D"$(l=X67sK ~Vxr2˪vERV@dzgcXYuYH]I#$J[u ")PAgXt~D)>u{.ͦ艩 l1av@ކ(oNp#[N؏D#? KD)PG%}N~"O;=TTCLjDpSߛK׍'@ >*or/gW#^1ňk('>?ďhU6ZG72TQ<#5B,9-%3Cכdž]^Yя T.>.~'Ѝ_J j\JH(+aV|+A#샒=%xٻ ,qx( Dw uv3<QmIIm$>  B(,3VGBx `,%7fTXB0KhDYbɤ3=^RV6TPڜ93͒Eˉ}tESc%5zK*uub? @utNk-b"K]1x~[/Oz'5aL|n.P;IQ6'a|Q&5rRM` _[b\i z µ3r3#6w4xm;Xḯkka{Rb];XhfW0yj+n-楻3xb(͊Nԝoڋ8b.Ƅ憶p찌71vMw 

XPpġ,ႎ|xU{V~z:jNч ̋(HKt4*:WX>m;A=HiLLROG x/pb XB`]7}D['ٍlZf!.O,D1*< qN@?:};ozxX2s-d=w:}GT/a0'A <8R" 2ŧQY"aKO>1q1$'!M l \R- rH8GW F}ԕy\氟aHp=Sq-qVZ1ш@Q->ɹcMN퓔pxXҚ0!<RAAC/#ߝII!5Q"`"1/a9=c3bwK&cZ|E"{X#&3)-9E_A(#*?I @S ,PF: / j1n 3Ԕu7SI8/0SN\<ߔYE+X<>we~t:&> 2{f)u n9 :jTeO g>򽉡{0un S2C´vt`~LR ] 4Bq0h^J+ ;:B"DILv]a]M,#>0-ŌCZUQJdRL(%>gDtUtYUu @!>͊G2QqJV!J`xFA dez߃JŷHIPk; rڽ&-rznާu^(oWj[u{{sپ\ Sˇ2d&SRo4eš_mꌹ6c\qxYx>+ah,Ώ6qNE~Rf}YQB/Ni0urr|j%6N/N|veIc:jS#[}uR_*'M&7bS>oI]hF&5/ʶ΁s?Bǜ!kȿ^Nmw!_48iCSi}>@?':ShuVwN IN>?t.s{9_ sfE\9_<@ߋ^}.rs_yß92zgg9_@EN>e^\%euݜwAtsOK7G\\Կʩ s?=__>g}3sn &/&oonr/=IR<9k]QN~,.Os됟* ~2*ΕR+@^W~_ s{^WKͮ0TntKT앆cn5:Aba/ c|2yFl*DgqⅇW4:<)~bye?VRRw;]Cڤ\r{]rXѧV{5_93>qLklR@s|,y |8SNtW:xi5;HߪêxĿ+N©ߡ={n7fn@L|uӚ޴ϼ5v<2kUե |3O߆zW-̽>Y݉7xx.؅\gUvt ]`aP$ }Vj?f6>ta;}}:\>Y36J쓭? }MF`Mԭ:S w߽[&@Y8'Q?Ѱs3Pt9^i\wn ]w n )xT״} J\ߑN0lFGDd1|UUEVjrp` VQ*D`I>#xt>`2ګ.7tS+rcpC޺n5G Px>[c6LzLbe݌MMu?u_v3*m؏d S7 5w;SŨЫِ@>X΂3|$kc5;L:AÆojYb J;cp\;l={cPi[LY D˼xl4@;4Xr(9T(YF Tz\[ 7oJ/ݳU HŲjc!fY-Nؒ1fQSRۨ*u ${Iz6KN,7}8#Xb̜C+<0 ;VχAK޻-&Ip|)^ZAۀ şI n'qgŻ/-qpwpG5c"YǴdFX1icЁuYI5;~ɑ ( kF5/oCd3Zf]r{^f$jA+_ac۝ZB. ,1,D~ӳNm$b-e]ݎ;3wK/R!N~ fB~ƞ;.'IಓW`'cyB#&f%b P|_ JRyS(y6::Lx+-v)1 K94I Ѓ=z_\Ab;:2>_ >Ro.TùLHd v"ё:4.cm3fN甽aQ"j[MAc>7q>+so7a`a? (TǨz1>!3FQxS4J('55:\.5(l$==ASh<O5yX'"'ڮwzlo()y+r. ?ՄVoUTHJ//'H2GCKrT~{J}*P=fښS;]/v",d/+2lХvHyEO G=~5)H@%WbwH]wц|7(6؋|!Og ϿavCR6LI`Q'11&̃NN-Gw U|ٲs9ebV)qmeG)I<}u<ڢu ׸6Vx}҂ ]@z:ί8G# Pr3қ1zaY1ue lx$_O]UƧf2K'=gз 57d$LE==֟g%\!dW*@OD07"6ic.KE0&(Xp\GAVΙَ|&gw>G}d ȑȎ d}5Px9kK@0mѥhOYm0o6`#]Ǟ':K$~Al=be,-WrcdKxf:叐^ƃ o+RTy X^b0Уe`Z+r k5+E6<]܈X>ƽnb@RYH3+OXg{,*ve6r! l XGڦJ-Q`[Aj`P,lp/>:G[ 0r2ѯ|NN7p2$Ӿ82epCrr奖I;;Q0&x"[\'QI 8`\жX3]#fE1[RjnbrYMS cJ\4l䓈mAb ?Õk[)O=S'>z_].^3Ơ`{ej  ؚտHR#z^"!ACw3=|ל r?qmr?{x9^tkJ)_=Y W{څ$hxb " vݐݣŬ"D&;qVTHkMΡmlpR!*acL 1L+]-nB@:S .Cg,$ˋ}P cyx ŧ$NS`0x@tƙW~g\B/0,G+^:' ^y{ac!˾tں9!3M*`΢gI^vTQ*sclgLp -ϱcRZ`l/Z6w9