Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Mac Hack Contest Redux

samzenpus posted more than 6 years ago | from the what-breaks-first dept.

Security 164

narramissic writes "Remember the controversial Mac hacking contest from last year's CanSecWest conference? No? Here's a refresher: Conference organizers challenged attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. Winner Dino Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page. Well, the contest is back again this year, but with a twist, says Dragos Ruiu, the principal organizer of CanSecWest: 'We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.""

cancel ×

164 comments

Sorry! There are no comments related to the filter you selected.

how about a taste test (2, Interesting)

gandhi_2 (1108023) | more than 6 years ago | (#22327744)

where you have to try apples, oranges, and beef jerky and decide which one tastes "best".


out of the box linux? Is there really such a thing? Ubuntu OEM, knoppix? That's a pretty wide range here.

Re:how about a taste test (1)

cheater512 (783349) | more than 6 years ago | (#22328166)

I wouldnt call this a apples to oranges comparison.
They are all common operating systems and they all fulfill the same purpose.

Although they'd probably have to do a handful of Linux boxes to ensure that problems aren't distro specific.

Re:how about a taste test (1)

calebt3 (1098475) | more than 6 years ago | (#22328238)

But then you could have a significant number of people attacking the Vista and Mac boxes (say, 20% each) and the other 60% would be split up among (maybe) 4+ Linux boxes.

Re:how about a taste test (1)

mrxak (727974) | more than 6 years ago | (#22328568)

I'd expect most people will try mac and linux, however many boxes they have. Everybody already knows you can hack Vista no problem, there's not much challenge in it, so they will concentrate on the ones with the higher perceived security. Never underestimate people's desire for glory.

Re:how about a taste test (2)

toadlife (301863) | more than 6 years ago | (#22328680)

Everybody already knows you can hack Vista no problem
Ok. How?

Re:how about a taste test (3, Funny)

calebt3 (1098475) | more than 6 years ago | (#22330220)

Click the 'x' in the top corner of the login screen. Oh wait...

Prediction (2, Funny)

flaming error (1041742) | more than 6 years ago | (#22327746)

> the successful hacker winning the computer and a cash prize I'm betting somebody's taking home a Windows machine.

Wrong! (4, Funny)

EmbeddedJanitor (597831) | more than 6 years ago | (#22327784)

The Vista computer won't get hacked because nobody will want to take it home!

Re:Wrong! (1)

Darfeld (1147131) | more than 6 years ago | (#22327880)

Yes it will. you could always get rid of windows and install linux after that. Or sell it on e-bay...

Re:Wrong! (0)

Anonymous Coward | more than 6 years ago | (#22330128)

(Score:-1, Wooshbait)

Re:Wrong! (1, Redundant)

r0b!n (1009159) | more than 6 years ago | (#22329270)

Hardware capable of running Vista will run Linux very nicely.

Re:Prediction (4, Funny)

Nerdfest (867930) | more than 6 years ago | (#22328078)

The outcome would be dependent on whether or not the Vista machine has already booted up. If not, attacking the other 2 gives you a decent head-start.

Re:Prediction (5, Funny)

LiquidCoooled (634315) | more than 6 years ago | (#22328220)

There is already a trojan available for vista, however noone is infected because its not finished copying over the network yet.

Re:Prediction (5, Funny)

Anonymous Coward | more than 6 years ago | (#22329988)

Sorry that's my fault, let me turn my sound off.

Re:Prediction (1)

kevlarcowboy (996973) | more than 6 years ago | (#22329202)

That's because they found out it was only a Mac Mini and gave up.

Default Install (5, Insightful)

Archangel Michael (180766) | more than 6 years ago | (#22327760)

I'd make sure that each was installed to default configuration. No tweaking allowed.

Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms.

Just to make it "fair".

Re:Default Install (4, Insightful)

calebt3 (1098475) | more than 6 years ago | (#22327812)

I'd say that allowing updates to be installed would be fair.

Re:Default Install (1)

Daengbo (523424) | more than 6 years ago | (#22329696)

Nt only "fair" but required. The systems should be fully patched and using default installed software. This makes Windows a much smaller target software-wise, but I don't see any other way to make the competition fairer.

Re:Default Install (3, Insightful)

hairyfeet (841228) | more than 6 years ago | (#22330182)

That isn't really a real world test. I mean,come on,who in the hell would use a windows box with NOTHING on it? With Apple and just about any Linux,you would have everything you need to get work done,but on windows you'll need at LEAST some form of office software,along with adobe reader,and usually Nero or whatever came with the burner.


As a pc repairman that has been fixing windows boxes for over a decade,I can tell you that no matter what ELSE they have installed,they ALWAYS have some sort of office(even if it is just MSWorks) along with Adobe reader and either Nero or Roxio burning software.I don't think I've ever seen a box brought in that didn't have those,so for a real world test I would suggest MS Office 2K3(as that is what I've seen on the most machines) along with adobe reader and Nero or Roxio burning software. That would be a truly fair test.


Besides,if you never actually USE the machine,I doubt you'll be hacked.But most people actually want to DO things with their pc,and with windows that means at the very least a couple of pieces of software. But I doubt it'll make much difference anyway.The windows will be pwned the quickest,just like always.Vista just may take a little longer. Cancel or Allow?

Re:Default Install (1)

Daengbo (523424) | more than 6 years ago | (#22330268)

I agree with your assertion that a Windows computer won't be used like that, but any other configuration won't test the OS but applications unrelated to it, compromising the test. Sure "OpenBSD has had one remote exploit in the default install in its history" and the OS isn't usable for much in the default state, but that's the way to compare it against other OSes. Everything else just comes down to an argument of "why did you install that" and "they weren't optimized equally." Default install. XP still has enough holes fully patched that it would be first, but I'm pretty sure Vista would hold up well.

You need to exclude social engineering, too, but that's not a very "real world" case, either.

"fair" would be "what users need" (4, Insightful)

SuperBanana (662181) | more than 6 years ago | (#22327878)

Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms. Just to make it "fair".

When is the last time you left an OS in its default configuration?

A fair configuration is one in which all tested operating systems provide as identical as possible feature sets, including all the features the majority of people like to use. Like printer and file sharing, for example.

It's also not fair to include, for example, NoScript- that breaks a ton of websites out of the box until you whitelist sites. Likewise for not including Flash as part of the package. An even more relevant example: the necessary firewall rules to allow IM (and file transfers.)

Re:"fair" would be "what users need" (3, Interesting)

CannonballHead (842625) | more than 6 years ago | (#22327980)

I think this is an excellent point.

Default windows configuration is defaulted to... well, a very compatible set of options.

Not having actually done a Mac install, I don't know what the default is.

A default Linux partition, depending on the flavor, could be pretty minimal...

Here's what I think would make it more fair: make all the operating systems able to do the same things. Presumably, the normal Mac user, at some point, will want to opens a windows media file and an Office 2007 file. The typical Windows user will use quicktime at some point, and thus have it installed and have its possible security holes, too.

Otherwise, I could create a Linux distro that is THE safest operating system EVER... and just not let you do anything, no network connectivity, etc. Pretty safe! And useless.

Re:"fair" would be "what users need" (2, Informative)

hunterkll (949515) | more than 6 years ago | (#22328836)

OS X install by default has no network services running external and is firewalled. you have to manually turn on network sharing and services from a preference pane

Re:"fair" would be "what users need" (1)

song-of-the-pogo (631676) | more than 6 years ago | (#22329502)

my experience was that the firewall was not enabled by default. I had to enable it myself. the rest of what you posted is certainly the case, though.

Re:"fair" would be "what users need" (1)

aliquis (678370) | more than 6 years ago | (#22330652)

I just checked my machine in Leopard and the firewall was off.

Anyway as others have said OS X has flash and javascript enabled and installed in the browser, quicktime, itunes with streaming music, mp3, pdf, dvd, burner support. Can show docs maybe (?)

I think default is the only way to test this however. If one os does more bad luck for it. Just take some regular/useful Linux dist.

Re:"fair" would be "what users need" (1)

Captain DaFt (755254) | more than 6 years ago | (#22329974)

"Otherwise, I could create a Linux distro that is THE safest operating system EVER... and just not let you do anything, no network connectivity, etc. Pretty safe! And useless."

Oh, I dunno... http://tinfoilhat.shmoo.com/ [shmoo.com] It has its uses.

Re:"fair" would be "what users need" (1)

LaskoVortex (1153471) | more than 6 years ago | (#22328186)

Fair would be the least number of clicks from start to finish, as this is what the majority of machines would be running in the world, and so the results would give an estimation of real world performance (not ubergeek world, but real world). If more people chose windows to attack because they thought it would be easiest, then that would also be a reflection of real world. I'd also stipulate that the install CDs would have to checksum with those available from bestbuy (or the politically correct equivalent). Several different linux installs would probably need to be tested as well, as these would vary.

What about Quicktime? (1)

yabos (719499) | more than 6 years ago | (#22328128)

That comes on OS X by default but to make Windows equal in potential flaws you have to install it on Windows too. Stuff like that gets complicated fairly fast. Quicktime shares code between OS X and Windows and most of the recent flaws regarding rtsp were the same result on either platform which was DOS or potential execution of arbitrary code.

Re:What about Quicktime? (2, Interesting)

QuantumG (50515) | more than 6 years ago | (#22328336)

Quicktime comes with Firefox these days .. I've lost count of the number of times I've seen Quicktime crash Firefox.. every time I think "I bet that is exploitable", but, ya know, I'm too lazy to bother looking.

Re:What about Quicktime? (2, Informative)

Crimson Wing (980223) | more than 6 years ago | (#22329032)

Quicktime comes with Firefox these days
Uh, BS? Every time I've installed Firefox so far, then gone to a page with an embedded QuickTime media file, Firefox has complained of needing an additional plugin. I install QuickTime itself, and then embedded QT files play just fine.

Re:Default Install (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22329146)

But the update model of Windows is completely different from that of Ubuntu and Mac OS/X. Whereas Windows is based around 'distribute platform, then updates to the platform as and when they are done', Ubuntu is based on 'distribute entire platform in each update as and when they are done'. It's very difficult to index the apples and oranges to a common standard here.

Some ways of doing it are:

1. Windows Vista as per release date shrink wrapped copy, Ubuntu as per most recent internet downloaded copy. Result: Vista has a lot more bugs, especially the exploits that have been published and fixed. Ubuntu will use the very latest patches and have none. Argument in favour: The 'idealised new customer experience' is reflected. Argument against: The 'quality of programming' at either the point of Vista release or at the present is not reflected. Is there an 'idealised new customer' who does not get a patched version from Dell, or store-buyer who does not run Windows Update as prodded to many many times by the OS?

2. Windows Vista as per release date shrink wrapped copy. Ubuntu as per internet download availble on the date Vista was released. This would not reflect any 'idealised new customer experience', but would reflect a 'quality of programming at that point in time' measure to some rough degree. The problem is, which unpatched version of Mac OS/X would be used? The one released at the earliest date BEFORE Vista, or at the earliest date AFTER Vista, and why should Vista's release be the yardstick?

3. Windows Vista patched to the latest date. Ubuntu patched to the latest date. Mac OS/X patched to the latest date. This would not reflect an 'idealised new customer experience', but would come close to reflecting a 'quality of programming at the present' measure together with an 'average user' experience (considering how many get moderately patched versions when they buy it). When Vista SP1 is released, will e.g. anyone buying from Dell have a 'first user' experience WITHOUT SP1?

I'd say 3 is the best, because, although 1 is tempting because it clearly increases the likelihood that Vista will be hacked first, the 'idealised first user experience' that it claims to justify its case is unlikely to exist.

As for the choice of distro - you could always have several teams working on Vista and Mac OS/X computers, and one team for each distro.

Do they even have to ask? (1)

Paiev (1233954) | more than 6 years ago | (#22327764)

We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first
Do they even have to ask? Vista will go down first, most likely. Also, what Linux distribution are they going to be using? A Debian machine is going to be a lot more difficult to break into than an alpha version of Fedora 9, for example.

Re:Do they even have to ask? (1)

doombringerltx (1109389) | more than 6 years ago | (#22328138)

Just a wild guess, but I doubt with whatever distro they use, it won't be an alpha or beta verison. Just a hunch.

Re:Do they even have to ask? (0)

Anonymous Coward | more than 6 years ago | (#22328384)

> Just a wild guess, but I doubt with whatever distro they use, it won't be an alpha or beta verison. Just a hunch.

Well that excludes Vista then.

What will be the GNU/Linux prize? (5, Funny)

Anonymous Coward | more than 6 years ago | (#22327768)

The 386 it was installed on?

Re:What will be the GNU/Linux prize? (4, Funny)

Enoxice (993945) | more than 6 years ago | (#22328044)

The toaster it was installed on?


Fixed.

Re:What will be the GNU/Linux prize? (2, Informative)

calebt3 (1098475) | more than 6 years ago | (#22328116)

The complete list [uncyclopedia.org]

Re:What will be the GNU/Linux prize? (1)

HiThere (15173) | more than 6 years ago | (#22329238)

Sorry, it was BSD Unix that was installed on the toaster. (I forget which flavor.)

Re:What will be the GNU/Linux prize? (1)

Eddi3 (1046882) | more than 6 years ago | (#22329612)

A slice of cinnamon bread?

Re:What will be the GNU/Linux prize? (1)

Isauq (730660) | more than 6 years ago | (#22330748)

NetBSD. The devs maintain that it was an excellent example of typical embedded systems with NetBSD.

Cool. (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22327774)

See, things like this are great when in all in good fun. It's good for the mind and is a wonderful example of human creativity.

Like I always say, "anything made by a human can be broken by a human".

Re:Cool. (1)

karlto (883425) | more than 6 years ago | (#22330304)

Like I always say, "anything made by a human can be broken by a human"
I always heard it the blunt way: "If you can fix it, I can f*** it."

Begs The question (3, Funny)

realthing02 (1084767) | more than 6 years ago | (#22327778)

Before the sea of "vista sucks" comments, I'm going to ask this question:

When vista inevitably goes first, who is going to want it? I assume it must be a good enough computer to actually run vista, so lets all take guesses at the OS loaded onto it after it's "pwnd".

It doesn't beg any question... (2, Funny)

Anonymous Coward | more than 6 years ago | (#22328350)

...and you damn well know it. You guys are deliberately baiting the language nazis - there's no way you could *still* be ignorant of what this phrase means.

Re:It doesn't beg any question... (0)

Anonymous Coward | more than 6 years ago | (#22329550)

You're fighting a losing battle. And it's not unreasonable that to "beg the question," if it had no other meaning, would mean "raise the question." Many words and phrases take on multiple meanings. That's just the way language goes.

too easy (0)

Anonymous Coward | more than 6 years ago | (#22327794)

Aww come on, placing Vista in this contest is obviously unfair to OS X and Linux; the latter two don't stand a chance at beating Vista for first place.

Won't somebody please think of the Vista? :(

Re:too easy (2, Interesting)

HiThere (15173) | more than 6 years ago | (#22329272)

Actually, Vista may be the last standing. I'm not saying it's the most secure, but it's the most unknown. And if you were a Black Hat who had developed a route into Vista, I'm sure there are more profitable ways of exploiting your ingenuity.

Potential for rigging (1)

volt4ire (1131825) | more than 6 years ago | (#22327816)

The problem with the "let's see which OS cracks first" approach is that Microsoft, Apple or maybe even Novell would bribe participants to focus their efforts on their competitor's OS.

Re:Potential for rigging (1, Informative)

Anonymous Coward | more than 6 years ago | (#22327846)

That and the fact that linux isn't an OS.

Re:Potential for rigging (5, Insightful)

Decado (207907) | more than 6 years ago | (#22327870)

I would have said that the challenge pretty much amounts to saying "The next OS we find a vulnerability for is the weakest". In the long term it is a meaningless piece of data. If we hear about a new exploit for any OS tomorrow it means nothing, you have to look at long term trends to find a correct answer.

Re:Potential for rigging (0)

Anonymous Coward | more than 6 years ago | (#22328102)

That's about the only intelligent post that this thread will result in.

Re:Potential for rigging (1)

Divebus (860563) | more than 6 years ago | (#22330388)

This is kind of a silly contest. Fun but silly. It might be more fun to see which OS annoys the user enough to launch the CPU across the room.

If you really want to know what happens from a security standpoint, just connect them all to the Internet and wait. That's real world for you. Even if Linux or OS X does get hacked first, there's a lot of catching up to do before anyone can say "see, it's just as insecure as windows".

Re:Potential for rigging (1)

Murphy Murph (833008) | more than 6 years ago | (#22327888)

The problem with the "let's see which OS cracks first" approach is that Microsoft, Apple or maybe even Novell would bribe participants to focus their efforts on their competitor's OS.


And thus another window into how I don't think like some other people. Sure I guess the idea is possible - but to instantly assume all actors are bad actors shows a fundamental distrust of humans I find frightening.

Re:Potential for rigging (2, Insightful)

The Mighty Buzzard (878441) | more than 6 years ago | (#22328492)

You obviously don't know very many humans then. Of course you are posting on /. so I suppose that's to be expected.

Obvious misleading conclusions (4, Insightful)

Secret Rabbit (914973) | more than 6 years ago | (#22327854)

I think it's obvious the nonsense that'll come out of this. People will say, x OS is more insecure than y and z because it fell first/so quickly. Regardless of the skewed skill/effort that went into breaking it.

This "twist" is bullshit.

Re:Obvious misleading conclusions (1)

Hybridan (857002) | more than 6 years ago | (#22328274)

Honestly, I could see this being a legitimate, "real world" or functional test type experiment. It would be difficult to make a contest like this something that is a perfect and "equal" or fair representation of the security of the OS's. It would however, provide an interesting look into how people generally perceive and go about attacking different systems. The amount of time or work put into finding cracks in the armor of one or the other is perhaps just as interesting as which would "fall first".
H.

Re:Obvious misleading conclusions (0)

Anonymous Coward | more than 6 years ago | (#22328932)

Regardless of the skewed skill/effort that went into breaking it.

So they could make the contest to be the first person to break into all three machines, then look at the average time it took for each OS. That should take care of evening out the distribution of talent attacking each system.

Poor subnet (1)

cruelworld (21187) | more than 6 years ago | (#22327938)

I feel so bad for that subnet. So many idiots who will just sit there and hammer it endlessly hoping that some magical 'hacking' will occur.

I'd like to see stats on effort per platform (4, Interesting)

SuperBanana (662181) | more than 6 years ago | (#22327940)

We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.

What I'd be most interested in is a survey of contestants as to their platform experience, and how focused they intend to be on attacking the different platforms. That part could be wildly unscientific, but could be interesting if everyone answers openly.

Couple that with some good logs of network activity, to see how focused attacks are on the various systems.

For example, it could turn out that nobody goes for the supposed low hanging fruit, and everyone tries to target the Mac...or an OpenBSD box, if they bring one. Etc.

Lopsided... (1)

msauve (701917) | more than 6 years ago | (#22327948)

This hardly seems like a fair test, for what the results are implied to indicate.

I'll predict that Vista goes down first, because there are more Windows programmers out there than Mac/*nix. Time-to-first-hack isn't a valid measure of OS robustness.

That probably won't be a popular statement here on /. , but oh well.

Re:Lopsided... (2, Insightful)

geekoid (135745) | more than 6 years ago | (#22328080)

Yes, but the skill and motivation to hack OSX is much higher. The person who can exploit OSX in a meaningful way would get a lot of prestige from the '*hat' community.

Besides, that involves a logical fallacy. Basically be your statement to be true, they must ahve the same architecture, developed by people od equal skill use the same project management style and the same QA.

Re:Lopsided... (1)

toadlife (301863) | more than 6 years ago | (#22328216)

Yes, but the skill and motivation to hack OSX is much higher.
You speak as if OSX exploits are a rare thing.

The person who can exploit OSX in a meaningful way would get a lot of prestige from the '*hat' community.
You mean like the last contest winner who developed a working brower + quicktime attack in only a few hours? Are you saying the same class of exploit that is used to infect Windows users every day is not significant on OSX?

Re:Lopsided... (1)

Jerry Smith (806480) | more than 6 years ago | (#22330518)

You speak as if OSX exploits are a rare thing.

Rare? Diamonds are rare, yet I see them daily.

Are you saying the same class of exploit that is used to infect Windows users every day is not significant on OSX?

One uses an exploit to potentially cause an infection. If it doesn't spread, well, that doesn't really say much about the exploit.

But I am really interested in the outcome of the contest, especially what they will consider as a 'default' install and 'default' configuration.

Re:Lopsided... (1)

QuantumG (50515) | more than 6 years ago | (#22328264)

No-one gives a shit about desktop security, let alone Mac-OS desktop security. Businesses pay for security analysis.. of server apps.

Re:Lopsided... (1)

phantomcircuit (938963) | more than 6 years ago | (#22330540)

This is from 2006 and is a fairly basic security flaw. http://milw0rm.com/exploits/1545 [milw0rm.com] Mac OS X simply has not been a valuable enough target in the past to be attacked in a meaningful way.

It would be more interesting to have (2, Insightful)

Babu 'God' Hoover (1213422) | more than 6 years ago | (#22327972)

all the contestants attack each of the three systems with the winner given his choice of the systems.

A new rule (1)

kcbanner (929309) | more than 6 years ago | (#22328126)

The IPs of the machines are given out, but not what OS is on the boxes. (Identifying the windows box is pretty easy though, RPC etc).

Vista would be first (3, Insightful)

tsotha (720379) | more than 6 years ago | (#22328132)

Even if it were the most secure, Vista would be first. I'm sure there are kits you can buy from shady groups in Eastern Europe or Russia that will do the trick immediately. If Vista doesn't already have the highest market share, it will at some point. So if you make hacking kits for organizations that make botnets you're gonna crack Vista first.

Re:Vista would be first (3, Insightful)

Idiot with a gun (1081749) | more than 6 years ago | (#22328410)

Except... many important servers run on Linux. So while lots of malware exists for Vista/XP, lots of people around the world really do make attempts at assaulting Linux boxes. More often than not, I believe, success is based upon attacking weaknesses in the software installed on said box. (Which one can argue that a properly maintained *nix box has a better chance of surviving, because of the continual security updates for all of its software).

Re:Vista would be first (2, Interesting)

tsotha (720379) | more than 6 years ago | (#22328438)

Oh, I'm sure Linux boxes are subject to attacks as well. I just think, as a nefarious writer of cracking software, you'd have to believe your time is better spent cracking Windows than Linux. And I don't believe servers are the most profitable boxes to hack anymore - keyloggers to swindle online banking users are probably the big moneymakers.

Re:Vista would be first (1)

Idiot with a gun (1081749) | more than 6 years ago | (#22328726)

Some of the most brilliant hacks are for recognition among hackers, not just money. More often than not, the real money makers are the dumb assaults, phishing, domain squatting, social engineering, etc.

Re:Vista would be first (0)

Anonymous Coward | more than 6 years ago | (#22328582)

Is it profitable to buy Vista hacks? I am guessing that with SP1 RTM, all easy hacks used by script kiddies are plugged, so you'll have to get kits using obscure hacking methods. Remember that you'll have to disclose the method to breach the security and I don't see why shady groups will sell you their secrets because once they're out, the holes'll get plugged, effectively rendering their products useless. I don't think it'll be cheap nor will it guarantee you to be the first to breach the security. You may spend more than going to a store and buy a complete set of computer.

Re:Vista would be first (1)

ozmanjusri (601766) | more than 6 years ago | (#22329748)

Vista would be first. I'm sure there are kits you can buy from shady groups in Eastern Europe or Russia that will do the trick immediately.

Different class of exploit.

Your average Vista install's destiny is to become part of a botnet. That doesn't requre the type of remote cracking that's being set up in this test, just a trojan embedded in a shiny cursor app.

Windows botnets tend to be herded by Linux servers which have been individually cracked, which is what this test is about.

*BSD! (1)

QuickFox (311231) | more than 6 years ago | (#22328150)

What about *BSD? This contest is grossly unfair unless a *BSD is included!

Hehe. Let's see them try to pwn that one.

Re:*BSD! (0)

Anonymous Coward | more than 6 years ago | (#22330762)

They tried to include a workstation with OpenBSD in it, but the hackers would complain that it could be considered torture.
Seriously, if you have not tried OpenBSD, try it. It does require more hand-configuration than say, Ubuntu, but its manpages are actually useful. No more searching through the entire Google database to be able to start your system's GUI. Filesystems support is its weakness, but if you are looking for a free OS for your laptop(ytes, that includes your wireless card) you will have troubles to find anything better.
It isn't solid as in nobody has ever bothered to break it. It is solid as in Gameboy.

TFA doesn't say (5, Funny)

Cajun Hell (725246) | more than 6 years ago | (#22328252)

Who is operating each machine? I need their email addresses. I want to send them some programs, and my "hack" is that the programs will come with instructions to the operator: please execute this attachment.

My understanding is that for Windows, I just need to have the filename end with .exe. For MacOS, I need it to end with .dmg. For Linux, I need to train the user how to use chmod.

Re:TFA doesn't say (2, Funny)

Al_Lapalme (698542) | more than 6 years ago | (#22328690)

Hehehe... Copy to desktop; right click->properties - check 'executable' and then run.

Can't wait to see those vacation pictures!!!

Ahhh f*ck.

Re:TFA doesn't say (2, Informative)

toadlife (301863) | more than 6 years ago | (#22328792)

For Linux, I need to train the user how to use chmod.
Naw. Assuming it will be a functional equivalent of Windows and OS X, it should be running KDE, which means it will have support for archives (Ark) built into it. Just send 'em an archived shell script with the execute bit already set. Alternatively, you can send them your payload in some sort of package format, like RPM.

stupid test (1)

EdelFactor19 (732765) | more than 6 years ago | (#22328798)

this doesn't measure the security of the OS
it measures the stupidity of the user

your program can be a one liner on any of the machines.

just a freaking script that says "delete *.*"
or you coudl see who has passwordless sudo and go sudo rm /*
and that will do on any *nix pretty much

again we are testing the OS not the STUPID USER AT THE WHEEL

Re:TFA doesn't say (0)

Anonymous Coward | more than 6 years ago | (#22329156)

Umm... DMG is just a disk image. What you want is to create your application and everything it needs into one folder and append .app to the end of the folder name. Hope this helps in your evil plot. :)

Re:TFA doesn't say (4, Interesting)

Shados (741919) | more than 6 years ago | (#22329326)

Try this for giggles. Have a Vista machine. Send them an email with an exe file. Try and get them to execute it. Good luck. If you manage that, try the same exercise by MSN Messenger. At that point, even I am not sure I can do it without googling, and even then its tricky. Vista is a b**** when it comes to running EXEs received by email or MSN.

I'm taking a wild guess here (1)

Lewrker (749844) | more than 6 years ago | (#22328286)

that they won't use a Debian stable netinstall with properly configured iptables and choose to deploy Fedora instead ?

OSX, Linux, Vista (2, Interesting)

Anonymous Coward | more than 6 years ago | (#22328288)

If I were to enter such a contest I would target OSX first, then Linux and Finally vista.

OSX is first because apple has been hideing behind security by obscurity for too long. I have seen no evidence that suggests OSX gets it any more than Microsoft did.

Linux next because source code is avaliable... and while clever hits without source are sometimes easier you just might get lucky walking the ususal paths and find something exploitable.

MS has been more or less awake from the security perspective for years now and most of the expliot efforts have been targeted at this platform which raises the bar for discovery of new expliots because all the trivial vectors have already been probed. Following the same line windows expliots are simply worth more than OSX or Linux expliots. Good ones can be worth a room full of PCs if you can find the right buyer.

Applications such as browsers, media players, and various popular plugins ... acrobat, flash...etc provide great cross platform opportunity for successful attacks. It might actually be worth ones time to try for a common expliot and win all three :)

Besides a PC is a PC... you can always reformat the drive and install Solaris if you want :)

Kobayashi Maru (1)

Coolhand2120 (1001761) | more than 6 years ago | (#22328390)

Someone should pull a Kobayashi Maru and hack all the competing hacker's machines so they can win the prize.

Re:Kobayashi Maru (1)

calebt3 (1098475) | more than 6 years ago | (#22328400)

Everybody else gets redirected to 127.0.0.1 while you take your time?

Re:Kobayashi Maru (0)

Anonymous Coward | more than 6 years ago | (#22329214)

1. Beat the pasty-faced nerds with a waffle iron each time they go close to their computers
2. Keep trying on your own computer. Trap them in cages
3. Keep trying until they show you how to hack it out of frustration
4. You win
5. Sell them to someone
6. Profit!

There is no ? step!

I thought that Macs were invincible..... (0)

Kral_Blbec (1201285) | more than 6 years ago | (#22328466)

Funny that nobody has yet commented on how they cracked Mac. For years the main advantages that I have heard Mac users claim is that they are: 1)Easier to use (which I contest) 2)"Virtually" immune to hacking attempts So what stuff like this shows is that it is just as vulnrable, there is just no motivation. I can't wait until all the grandmas that bought a mac because the nice gentleman told them that they wouldnt have to worry about all the mean viruses (or is it virii?) that they have heard so much about start getting hijacked when the market share gets high enough for people to care.

GNU/Linux... which distro will they use? (1)

Sodki (621717) | more than 6 years ago | (#22328514)

I hope they'll go with Gentoo. It is uncrackable. When the hackers attack they can't do anything to it because the system is busy compiling itself.

To make it fair. (2, Insightful)

Higaran (835598) | more than 6 years ago | (#22328554)

I think all each team should have to hack all 3 computers, and the first team to do so gets to pick, and then the seconed picks the next one and then the thrid gets the last one. So that equal energy goes into hacking each unit, and each team will learn something about a system they probably didn't know, and isn't that what this whole thing is about, learing something.

Me thinks... (1)

drewmoney (1133487) | more than 6 years ago | (#22328580)

They should probably turn off the Windows machine, just to make it fair and all...

These contests provide limited information... (1)

argent (18001) | more than 6 years ago | (#22328810)

While they may help reveal specific information about vulnerabilities, which is good, they don't provide much useful information about the security of the systems being attacked.

Second prize... (1)

Swimingly Gunston (1234752) | more than 6 years ago | (#22329044)

two windows laptops plus a cash prize.

Sin City (1)

dangran (1234680) | more than 6 years ago | (#22329328)

What'll Vegas open the odds at?

Aw, man... (1)

TobyRush (957946) | more than 6 years ago | (#22329350)

I saw the headline and got all excited.... [wikipedia.org]

Unfortunately... (1)

actionbastard (1206160) | more than 6 years ago | (#22329590)

As a long time OS X admin, OS X will -unfortunately- probably go down really hard this time 'round.
After all, LI_US has already passed judgement on it. [smh.com.au]

OpenBSD (1)

EEPROMS (889169) | more than 6 years ago | (#22330152)

You could be real bastard and put OpenBSD on a top or the range $10k machine and watch as people spend hours pulling their hair out.

Re:OpenBSD (1)

EEPROMS (889169) | more than 6 years ago | (#22330170)

You could be a real bastard and put OpenBSD on a top of the range $10k machine and watch as people spend hours pulling their hair out.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?