PWN to OWN Reading
April 1, 2008
I’m sure this will provide great fodder for flame wars of all sorts for the next few months. All three operating systems survived round one where just the OS (with default settings) was up for grabs. Of course since none of these operating systems are ever used in such a state, it’s not all that meaningful. OS X fell in round two – applications included by default – thanks to Safari. And Vista fell in an exploit involving Java and Flash (details to be revealed only after achieving irrelevance) in the common third party app round. Ubuntu (Gutsy) was the last OS standing.
- Official contest description. It must feel a little odd to take home the machine you just compromised as part of the prize. (Last year’s winner prefers the OS he cracked. I guess it makes sense.) The 30 minute slot setup seems a little unusual as well.
- Official write-up. As a commenter notes, the guys cracking the Vista machine are doing so with (first-to-fall) Macs.
- Channel Register:
As we’ve said in the past, one benefit of the Pwn2Own contest is its ability to eliminate economic variables from the argument over whether a given platform is vulnerable to attack. Given the proper incentive, it’s safe to say that any is ripe for the picking.
- From Planet Websecurity (links to original blogs): 1, 2 (the real winner? NoScript!), 3 (is a Flash flaw Microsoft’s fault? Would it work cross-platform? Wouldn’t it have been at least tried on the Ubuntu machine in the contest? UPDATE: The latter is specifically disallowed. D’oh! You’d think they could just test it and release the result.)
- Desktop Linux (a few of the details seem confused.)
- Ubuntu Tips and Tricks.