Mar 31 2008
Hack into a computer, and you get to keep it. This was the challenge at CanSecWest Vancouver 2008 last March 26-28. There were three computers that were presented for this contest:
- Sony VAIO VGN-TZ37CN running Ubuntu 7.10
- Fujitsu U810 running Vista Ultimate SP1
- MacBook Air running OSX 10.5.2
The purpose of this contest was to reveal possible vulnerabilities in the system so that the vendor can secure them. A $20,000 cash prize was also added as an incentive by the sponsors. All that you had to do is hack into the computer and execute some code to retrieve the claim ticket file. Then the machine is yours plus you get some cash on top of it.
It took Charlie Miller about 2 minutes to get into the Mac. With all of the bragging from Apple on the superiority of the operating system, its very surprising how easy it was to exploit flaws in it. Miller won the Mac and received $10,000 from 3Com’s TippingPoint division.
Shane Macaulay hacked into the Windows machine after 2 days of work. He used a cross platform Java bug to compromise Vista’s security.
No one managed to win the Sony VAIO computer. Hacking into Linux proved itself to be a formidable task. The attackers claimed they found bugs in the operating system, but there weren’t any willing to write the code to exploit it. The likely reason was that it would take too long to complete it.
The contest was interesting. OS X was by far the easiest to hack. Apple is very good at convincing people that Macs are better than Windows in their ads, but they were unable to produce an operating system that can give moderate security against attackers. Its not surprising that the Linux machine was the most secure. With its large community of developers and users, the end result is very secure and stable operating system.