Posted on 03/20/2008 9:07:51 PM PDT by Swordmaker
CanSecWest's Pwn2Own contest returns
Tired of all the knee-jerk banter from fanboys about whose operating system is the most secure? So are the organizers of the CanSecWest security conference, which will be held in Vancouver later this month. And with a contest awarding as much as $25,000 worth of prizes, they're likely to breathe fresh life into a stale debate.
This year's Pwn2Own competition will place three brand-new, fully patched laptops side by side: a Fujitsu U810 running Vista Ultimate, a Vaio VGN-TZ37Cn running Ubuntu 7.10 and a MacBook Air running Leopard. The first person to remotely run code on each one gets to take the machine home, and is automatically entered into the running for a $25,000 award from TippingPoint, whose Zero Day Initiative pays bounties to researchers for responsibly disclosing vulnerabilities. At last year's Pwn2Own contest, conference organizers challenged attendees to hack into one of two fully patched MacBook Pros to claim the machine and a $10,000 bounty from TippingPoint. Security guru Dino Dai Zovi spent less than 12 hours doing just that, crafting a QuickTime exploit that allowed him to take complete control of the machine.
CanSecWest's Pwn2Own contests are useful because they allow us to isolate the technical strengths and weaknesses of a given platform from its popularity. Acrimonious debate has fomented for years about whether the high number of real-world Windows exploits - compared to those of OS X, Linux and other operating systems - is a natural consequence of having a 90-percent chunk of the market or the result of sloppy and insecure coding practices at Microsoft.
There's at least some merit to the argument that organized cyber crime gangs - just like makers of popular games Half-Life 2 and Crysis - don't write for the Mac and Linux because the smaller market shares make it impossible to get a return on the investment. The Pwn2Own contest, by offering a considerable incentive for exploits of these platforms, helps to neutralize the economic variable.
"These computers are REAL and FULLY patched," conference organizer Dragos Ruiu wrote in an email announcing the rules. "All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of the internet connected hosts." The rules for this year's contest include:
El Reg will be attending CanSecWest, which runs from March 26-29. We are willing to trade beer for scoops or livers. ®
If you want on or off the Mac Ping List, Freepmail me.
Bookmark - educational thread potential.
There’s a joke here somewhere.
only 25K??? The guy can make more than that keeping the vulnerability closed sourced and selling the exploit online.
Given three good and equal teams and budgets, determined to lock down a system really tight, I'd take BSD first (not on this list) and any of the Linux distros, such as Ubuntu second, and various Microsoft products last.
But I doubt that's what they're doing here.
"These computers are REAL and FULLY patched," conference organizer Dragos Ruiu wrote in an email announcing the rules. "All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of the internet connected hosts."
That's more like it. Of course, the "we were just kidding" disclaimer a few days after some dramatic announcement of a non-event could be planned. :')
OS X *is* a BSD.
The following, from serverwatch.com explains it better than I can.
August 10, 2004
Differentiating Among BSD Distros
By Martin Brown
Organizations that want to use a public Unix variant have two solutions from which to choose: Linux and BSD. The much talked about Linux camp contains a variety of distributions that include different utilities and tool sets. The same is true of the less frequently covered BSD camp. This article compares and contrasts the four main BSD variants and offers recommendations for both server- and desktop-based solutions.
There are four main BSD variants. Three of these (FreeBSD, OpenBSD, and NetBSD) are totally free; the fourth (Mac OS X) is technically the core part of an operating system that most wouldn't even consider a BSD variant. To understand the differences between the various versions, let's briefly recap the history of BSD to understand how the different versions have developed.
Today's BSD variants are open source versions of the original AT&T Unix operating system. In fact, they all come from the Unix developed at the University of California Berkeley, and BSD is actually short for Berkeley Software Distribution. A significant part of the original BSD code was based on the AT&T Unix code, which wasn't free. Through efforts on the part of a few key members of the original BSD development team, such as William F. Jolitz, the final parts of the code were developed under an open source license and produced 386BSD.
In 1993, 386BSD was forked into two of the main versions we know today: NetBSD and FreeBSD. They were formed with different aims and goals. Not surprisingly, each has its own history. OpenBSD, the third variant, arrived in 1996 and was developed specifically to address some of the security concerns in the other variants.
The BSD incorporated into Mac OS X is known as Darwin. It is available as a completely separate component. Darwin itself is derived from the BSD layer of the NextStep operating system, developed by NeXT, the company set up by Steve Jobs after he left Apple in the 1980s. Technically, Mac OS X is based on the FreeBSD core, with OS X 10.3 based on FreeBSD 5.x. It is, however, extremely customized beyond the base BSD code. The key benefit with Mac OS X is the Aqua GUI that allows OS X to operate like the original Mac OS operating system but still have all the benefits and flexibility of an efficient BSD kernel.
Like other Unix variants, the four BSD distros provide similar basic functionality. All contain the following core components:
In addition, because it is a Unix-like operating system, most of the other tools, utilities, and systems, such as Perl, Python, Apache, MySQL, PostgreSQL, Java, C/C++, work with BSD. However, because it is a less popular Unix alternative than Linux, fewer prepackaged applications are available. Some BSD variants do come with a Linux compatibility package, though, that enables them to execute Linux applications (from the same platform) directly.
BSD systems have a reputation for better reliability than some alternatives, largely because they are developed with smaller, more focused development teams. They also boast a more mature code base, as a significant proportion of the BSD ethos comes from the very earliest forms of Unix.
Why a cross-over cable? Why not just connect through a switch? It’s a small difference, but still, how many hackers in the real world get to direct-connect with a cross-over cable to their target computer?
The crossover cable is to prevent interference or assistance from others - to help ensure that the person claiming to crack it really is the person that did it.
Vista is the slowest to hack.
Make sense. I was just curious. It’s been ages since I’ve used a cross-over cable for anything, now that all switches auto-sense connections.
Oops. How a tiny typo can make all the difference!
I typed: make sense
as if to imply you were not making sense
when what I meant to type was: makes sense
meaning: it makes sense
Anyway, thanks for the explanation. It makes sense.
O S it is. :-)
True, BSD is used in MAC OS X. However, that's not what I meant. See further my Post #10 explaining the distinctions.
M R Ducks
Care to speak English?