Trial By Hacker

In the fifth installment of my Top 10 List of Linux FUD patterns, I discussed various security measures used in Linux distros. Last week, the CanSecWest security conference invited hackers to circumvent security on three fully-patched computers running different operating systems: OS X, Windows Vista & Ubuntu 7.10. The OS X machine reportedly fell first, requiring only two minutes to exploit a vulnerability in the Safari browser! Vista fared well on its own, but an attack on Adobe Flash in the last day marked the end for Windows. At the end of the three-day contest, the Ubuntu machine was the only one left standing! This is good news indeed!

I’d like to note that while this is a great PR victory for Linux, the parameters of the contest were controlled. Given the right circumstances and/or enough time, the outcome may have been different, and in the real world, windows of opportunity are left wide open all the time – so, protect yourself. It was also interesting to me that the Mac fell first because it was an ‘easy target’ and that the exploit that took out Vista could easily be tweaked to work on any platform.


Note: my original references for this post were articles on eFluxMedia and The Register.

3 responses to “Trial By Hacker”

  1. Lorenzo E. Danielsson says :

    Hm. Weird selection of operating systems. First of all, I wonder about the rationale for choosing Ubuntu to represent Linux. Not that I am claiming anything about Ubuntu security-wise, I’m just curious as to why it was selected. Second, no BSD represented? You would have thought that if it was a matter of determining security, at least OpenBSD with its security record would have been a contender.

    Anyways, these kinds of things in isolation don’t prove much. You could hold another one where OSX comes in on top. It’s a matter of what results you want, and setting the rules accordingly. If you get a bunch of tests run under different circumstances and you start to see similar results repeating themselves, then you can start drawing conclusions. But you already noted that in your second paragraph.

  2. Kevin Guertin says :

    @ Lorenzo

    I think Ubuntu was selected because it is currently the most popular distribution and it would attract attention.

  3. Anonymous says :

    I think OpenBSD would have won if the competition was longer and it was entered, but that’s only due to ridiculous amounts of auditing and lack of functionality.

