Slashdot Mirror


Mac Hack Contest Redux

narramissic writes "Remember the controversial Mac hacking contest from last year's CanSecWest conference? No? Here's a refresher: Conference organizers challenged attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. Winner Dino Dai Zovi found a QuickTime bug that allowed him to run unauthorized software on the Mac once the computer's browser was directed to a specially crafted Web page. Well, the contest is back again this year, but with a twist, says Dragos Ruiu, the principal organizer of CanSecWest: 'We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.'"

16 of 164 comments

  1. easy by jim.hansson · · Score: 5, Interesting
    --
    preview button, my computer doesn't have any preview button
  2. Default Install by Archangel Michael · · Score: 5, Insightful

    I'd make sure that each was installed to default configuration. No tweaking allowed.

    Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms.

    Just to make it "fair".

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
    1. Re:Default Install by calebt3 · · Score: 4, Insightful

      I'd say that allowing updates to be installed would be fair.

  3. What will be the GNU/Linux prize? by Anonymous Coward · · Score: 5, Funny

    The 386 it was installed on?

    1. Re:What will be the GNU/Linux prize? by Enoxice · · Score: 4, Funny

      The toaster it was installed on?

      Fixed.
      --
      Anyone else think the comments just weren't rendering right before they turned off ABP and saw ads?
  4. Wrong! by EmbeddedJanitor · · Score: 4, Funny

    The Vista computer won't get hacked because nobody will want to take it home!

    --
    Engineering is the art of compromise.
  5. Obvious misleading conclusions by Secret Rabbit · · Score: 4, Insightful

    I think it's obvious the nonsense that'll come out of this. People will say, x OS is more insecure than y and z because it fell first/so quickly. Regardless of the skewed skill/effort that went into breaking it.

    This "twist" is bullshit.

  6. Re:Potential for rigging by Decado · · Score: 5, Insightful

    I would have said that the challenge pretty much amounts to saying "The next OS we find a vulnerability for is the weakest". In the long term it is a meaningless piece of data. If we hear about a new exploit for any OS tomorrow it means nothing; you have to look at long-term trends to find a correct answer.

    --

    Slashdot: Proof that a million monkeys at a million typewriters can create a masterpiece

  7. "fair" would be "what users need" by SuperBanana · · Score: 4, Insightful

    Vista installed from DVD default/recommended choices where possible on installation screens. Same with Ubuntu, and Mac OS/X. Any deviations noted. Any extra software installed must be available on all three platforms. Just to make it "fair".

    When is the last time you left an OS in its default configuration?

    A fair configuration is one in which all tested operating systems provide as identical as possible feature sets, including all the features the majority of people like to use. Like printer and file sharing, for example.

    It's also not fair to include, for example, NoScript - that breaks a ton of websites out of the box until you whitelist sites. Likewise for not including Flash as part of the package. An even more relevant example: the necessary firewall rules to allow IM (and file transfers).

  8. I'd like to see stats on effort per platform by SuperBanana · · Score: 4, Interesting

    We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first.

    What I'd be most interested in is a survey of contestants as to their platform experience, and how focused they intend to be on attacking the different platforms. That part could be wildly unscientific, but could be interesting if everyone answers openly.

    Couple that with some good logs of network activity, to see how focused attacks are on the various systems.

    For example, it could turn out that nobody goes for the supposed low hanging fruit, and everyone tries to target the Mac...or an OpenBSD box, if they bring one. Etc.

  9. Re:Prediction by Nerdfest · · Score: 4, Funny

    The outcome would be dependent on whether or not the Vista machine has already booted up. If not, attacking the other 2 gives you a decent head-start.

  10. Re:Prediction by LiquidCoooled · · Score: 5, Funny

    There is already a trojan available for Vista, however no one is infected because it's not finished copying over the network yet.

    --
    liqbase :: faster than paper
  11. TFA doesn't say by Cajun Hell · · Score: 5, Funny

    Who is operating each machine? I need their email addresses. I want to send them some programs, and my "hack" is that the programs will come with instructions to the operator: please execute this attachment.

    My understanding is that for Windows, I just need to have the filename end with .exe. For MacOS, I need it to end with .dmg. For Linux, I need to train the user how to use chmod.

    --
    "Believe me!" -- Donald Trump
    1. Re:TFA doesn't say by Shados · · Score: 4, Interesting

      Try this for giggles. Have a Vista machine. Send them an email with an exe file. Try and get them to execute it. Good luck. If you manage that, try the same exercise by MSN Messenger. At that point, even I am not sure I can do it without googling, and even then it's tricky. Vista is a b**** when it comes to running EXEs received by email or MSN.

  12. Re:*BSD! by CapsaicinBoy · · Score: 4, Funny

    Ummm. OSX is just NeXTstep v5 (or 6 by now?), and NeXTstep is a flavor of BSD.

    Please turn in your geek card on the way out.

    http://en.wikipedia.org/wiki/Image:Unix_history.en.svg

  13. Re:Prediction by Anonymous Coward · · Score: 5, Funny

    Sorry that's my fault, let me turn my sound off.