Posts Tagged security

Hacker Super Bowl

At this year’s CanSecWest, there are three computers set up for open hacking, one running Vista, one running OSX, and one running Ubuntu Linux. Hacks must be done with a new zero-day exploit (that is, it can’t be an already known-about crack).

Organizers have worked to make the attack surface area the same on each system. That’s important because each OS comes with a different amount of pre-installed software — from Vista’s “it’s up to you to install anything useful” to OSX’s “We’ll give you a common set of simple tools” to Ubuntu’s “What do you want to do today? It’s already installed or available with a click.”

Day 1, the cracks must only be done over the network in non-user-interactive mode, and the prize is $20,000
Day 2, the cracks must only be done against software which is already installed, but it can involve tricking the user. Prize is $10,000
Day 3, the cracks can be done against a suite of commonly installed software, but the prize is only $5,000.

Update: Two minutes into day two, the Macbook Air was the first of the three systems to fall, due to an exploit against Safari.
Update 2: Late into the third day, the Vista laptop fell to a exploit against Adobe Flash. Ubuntu wins the contest.

, , ,

2 Comments