Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Businesses Operating Systems Software Windows Apple Linux

Mac Hack Contest Redux 164

Posted by samzenpus from the what-breaks-first dept.
narramissic writes "Remember the controversial Mac hacking contest from last year's CanSecWest conference? No? Here's a refresher: Conference organizers challenged attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. Winner Dino Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page. Well, the contest is back again this year, but with a twist, says Dragos Ruiu, the principal organizer of CanSecWest: 'We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.""
This discussion has been archived. No new comments can be posted.

Mac Hack Contest Redux More

Mac Hack Contest Redux

Comments Filter:

  • Default Install (Score:5, Insightful)

    by Archangel Michael ( 180766 ) on Wednesday February 06, 2008 @08:29PM (#22327760) Journal
    I'd make sure that each was installed to default configuration. No tweaking allowed.

    Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms.

    Just to make it "fair".

  • Cool. (Score:1, Insightful)

    by Anonymous Coward on Wednesday February 06, 2008 @08:30PM (#22327774)
    See, things like this are great when in all in good fun. It's good for the mind and is a wonderful example of human creativity.

    Like I always say, "anything made by a human can be broken by a human".

  • Re:Default Install (Score:4, Insightful)

    by calebt3 ( 1098475 ) on Wednesday February 06, 2008 @08:34PM (#22327812)
    I'd say that allowing updates to be installed would be fair.

  • Obvious misleading conclusions (Score:5, Insightful)

    by Secret Rabbit ( 914973 ) on Wednesday February 06, 2008 @08:38PM (#22327854) Journal
    I think it's obvious the nonsense that'll come out of this. People will say, x OS is more insecure than y and z because it fell first/so quickly. Regardless of the skewed skill/effort that went into breaking it.

    This "twist" is bullshit.

  • Re:Potential for rigging (Score:5, Insightful)

    by Decado ( 207907 ) on Wednesday February 06, 2008 @08:39PM (#22327870)
    I would have said that the challenge pretty much amounts to saying "The next OS we find a vulnerability for is the weakest". In the long term it is a meaningless piece of data. If we hear about a new exploit for any OS tomorrow it means nothing, you have to look at long term trends to find a correct answer.

  • "fair" would be "what users need" (Score:5, Insightful)

    by SuperBanana ( 662181 ) on Wednesday February 06, 2008 @08:40PM (#22327878)

    Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms. Just to make it "fair".

    When is the last time you left an OS in its default configuration?

    A fair configuration is one in which all tested operating systems provide as identical as possible feature sets, including all the features the majority of people like to use. Like printer and file sharing, for example.

    It's also not fair to include, for example, NoScript- that breaks a ton of websites out of the box until you whitelist sites. Likewise for not including Flash as part of the package. An even more relevant example: the necessary firewall rules to allow IM (and file transfers.)

  • It would be more interesting to have (Score:2, Insightful)

    by Babu 'God' Hoover ( 1213422 ) on Wednesday February 06, 2008 @08:48PM (#22327972)
    all the contestants attack each of the three systems with the winner given his choice of the systems.

  • Re:Lopsided... (Score:3, Insightful)

    by geekoid ( 135745 ) <dadinportlandNO@SPAMyahoo.com> on Wednesday February 06, 2008 @08:59PM (#22328080) Homepage Journal
    Yes, but the skill and motivation to hack OSX is much higher. The person who can exploit OSX in a meaningful way would get a lot of prestige from the '*hat' community.

    Besides, that involves a logical fallacy. Basically be your statement to be true, they must ahve the same architecture, developed by people od equal skill use the same project management style and the same QA.

  • Vista would be first (Score:4, Insightful)

    by tsotha ( 720379 ) on Wednesday February 06, 2008 @09:03PM (#22328132)
    Even if it were the most secure, Vista would be first. I'm sure there are kits you can buy from shady groups in Eastern Europe or Russia that will do the trick immediately. If Vista doesn't already have the highest market share, it will at some point. So if you make hacking kits for organizations that make botnets you're gonna crack Vista first.

  • Re:Vista would be first (Score:3, Insightful)

    by Idiot with a gun ( 1081749 ) on Wednesday February 06, 2008 @09:36PM (#22328410)
    Except... many important servers run on Linux. So while lots of malware exists for Vista/XP, lots of people around the world really do make attempts at assaulting Linux boxes. More often than not, I believe, success is based upon attacking weaknesses in the software installed on said box. (Which one can argue that a properly maintained *nix box has a better chance of surviving, because of the continual security updates for all of its software).

  • Re:Potential for rigging (Score:2, Insightful)

    by The Mighty Buzzard ( 878441 ) on Wednesday February 06, 2008 @09:45PM (#22328492)
    You obviously don't know very many humans then. Of course you are posting on /. so I suppose that's to be expected.

  • To make it fair. (Score:2, Insightful)

    by Higaran ( 835598 ) on Wednesday February 06, 2008 @09:50PM (#22328554)
    I think all each team should have to hack all 3 computers, and the first team to do so gets to pick, and then the seconed picks the next one and then the thrid gets the last one. So that equal energy goes into hacking each unit, and each team will learn something about a system they probably didn't know, and isn't that what this whole thing is about, learing something.

  • Comment removed (Score:4, Insightful)

    by account_deleted ( 4530225 ) on Thursday February 07, 2008 @01:11AM (#22330182)
    Comment removed based on user account deletion

  • Re:Default Install (Score:3, Insightful)

    by stephanruby ( 542433 ) on Thursday February 07, 2008 @03:37AM (#22330878)
    At the very least, the Vista computer should be an emachine, or have AOL preloaded on it. A computer designed to meet the adware needs of its corporate-manufacturers over the needs of its owner should give us a much more realistic exercise. After all, what are botnets made up of? Cheap preloaded computers purchased at Best Buy/Walmart? Or computers assembled from scratch / or purchased through one's IT department through Dell ?

Slashdot Top Deals

What is research but a blind date with knowledge? -- Will Harvey

Close