Slashdot Mirror


Last Year's CanSecWest Winner Repeats on Vista, Ubuntu Wins

DimitryGH followed up on the earlier news that the MacBook Air lost CanSecWest by noting that "Last year's winner of the CanSecWest hacking contest has won the Vista laptop in this year's competition. According to the sponsor TippingPoint's blog, Shane Macaulay used a new 0day exploit against Adobe Flash in order to secure his win. At the end of the day, the only laptop (of OS X, Vista, and Ubuntu) that remained unharmed was the one running Ubuntu. How's that for fueling religious platform wars?"

5 of 337 comments

  1. Re:Popcorn anyone? by MT628496 (Score: 0, Redundant)

    Make mine a Guinness :)

  2. Re:Popcorn anyone? by CastrTroy (Score: 0, Redundant)

    Guinness FTW.

    --

    Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.

  3. Different hardware, different incentive? by Killer+Eye (Score: 0, Redundant)

    I've been a little suspicious of this contest simply because of the different hardware prizes. It is possible that a hacker's motivation for the contest is driven by the nice hardware of the machine, and *not* the OS running on it. In other words, of course they're going to try to hack the nicest machines, and every system has holes (regardless of record), so it isn't necessarily news that "nicest machine was hacked first".

    Not that it's easy to level this particular playing field, but you could argue that at least the Vista and Ubuntu machines can run on exactly the same type of laptop. Maybe even "3 MacBooks running VMware" would still be considered fair for testing the built-in strengths of all 3 operating systems. The idea is to take away the hardware incentive, so the results are more interesting.

    --
    "Microsoft killed my company, I hold a personal grudge. I don't use Microsoft products and neither should you."-JWZ

  4. Great, round's on me by newr00tic (Score: 0, Redundant)

    You harbor the same good tastes, Sir, and cheers to you too, as well as to the original poster.

    --
    A horse can't be sick, you know, even if he wants to.

  5. Re:Something is Fishy by zsau (Score: 0, Redundant)

    UAC is basically sudo and like the root password prompts that come up under GUI in Linux, except that MS didn't think that it would make sense to prompt a user already designated as an admin to enter the password because the vast majority of their users run in a single user environment. If the user is not an admin, then the admin password is prompted for. Can you provide some references for how windows not properly com

    What the? On Vista, you are always asked for an administrative password to do administrative stuff. If the current user is an admin, that's your own password, otherwise it's a username/password combo. This is by default; Windows can be configured so administrators don't need to enter their password if a user is foolhardy enough.

    On Ubuntu,[*] you are asked for your own password if you're a regular user with administrative rights (which lets you launch a program as root); and you are asked for your own password, but you'll always get an incorrect password prompt, if you're just a regular user. Root is disabled by default; but if a user is foolhardy enough they can enable it and use it as their regular user and never again be prompted for their password.

    The Windows prompt comes up more frequently; if you have no write permissions to C:\Program Files\Random Third Party\Random.exe, but you try to copy a file on top of it, Windows will ask for an administrative password. On Ubuntu, if you have no write permissions to /opt/random/bin/random, it'll be denied; you'll need to use a console (sudo cp foo /opt/random/bin/random). In this regard Ubuntu assumes a user never needs to install third-party software or touch another user's files.

    The Windows method is probably more convenient and the Linux method clearly has a bug, but not a security bug (if you won't ever be able to upgrade your privileges, it should just refuse). But considering you never log in as root on Linux, they're probably about equal, assuming the backends are secure.

    [*]: I currently use Debian, so Ubuntu might've changed in some regards.

    --
    Look out!
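The Ubuntu privilege model zsau describes above (root locked by default, sudo rights granted through group membership, a password-free sudo rule as the "foolhardy" configuration) can be audited from the account files rather than by trial and error. The script below is an added example, not code from the thread or from Ubuntu: it parses constructed /etc/shadow, /etc/group and /etc/sudoers lines with hypothetical helper functions and classifies what a given user would be prompted for.

```shell
#!/bin/sh
# Constructed sample data standing in for /etc/shadow, /etc/group and /etc/sudoers.
SHADOW='root:!:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:99999:7:::
bob:$6$constructed$hash:19000:0:99999:7:::'
GROUP_DB='root:x:0:
sudo:x:27:alice
users:x:100:alice,bob'
SUDOERS='# constructed sudoers
root ALL=(ALL:ALL) ALL
%sudo ALL=(ALL:ALL) ALL
%admin ALL=(ALL) NOPASSWD: ALL'

# root_locked SHADOW: true when root's hash field starts with "!" or "*",
# i.e. the account is locked as Ubuntu ships it.
root_locked() {
  hash=$(printf '%s\n' "$1" | awk -F: '$1 == "root" { print $2 }')
  case "$hash" in
    '!'*|'*'*) return 0 ;;
    *) return 1 ;;
  esac
}

# user_groups USER GROUP_DB: prints the names of groups listing USER.
user_groups() {
  printf '%s\n' "$2" | awk -F: -v u="$1" '
    { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1 }'
}

# in_admin_group USER GROUP_DB: true when USER is in the sudo or admin group.
in_admin_group() {
  case " $(user_groups "$1" "$2") " in
    *" sudo "*|*" admin "*) return 0 ;;
    *) return 1 ;;
  esac
}

# nopasswd_rule USER "GROUPS" SUDOERS: true when a NOPASSWD rule applies to
# USER directly, to ALL, or to a %group USER belongs to.
nopasswd_rule() {
  printf '%s\n' "$3" | awk -v u="$1" -v g=" $2 " '
    /^[[:space:]]*#/ { next }
    !/NOPASSWD/ { next }
    $1 == u || $1 == "ALL" { found = 1 }
    substr($1, 1, 1) == "%" && index(g, " " substr($1, 2) " ") { found = 1 }
    END { exit found ? 0 : 1 }'
}

# classify USER SHADOW GROUP_DB SUDOERS: one-line summary of the user's situation.
classify() {
  if root_locked "$2"; then r=locked; else r=enabled; fi
  if in_admin_group "$1" "$3"; then
    if nopasswd_rule "$1" "$(user_groups "$1" "$3")" "$4"; then p=never-prompted
    else p=prompted-own-password; fi
  else p=no-sudo-rights; fi
  printf 'root=%s sudo=%s\n' "$r" "$p"
}
```

On a real host the same functions can be fed `sudo cat /etc/shadow`, `/etc/group` and `/etc/sudoers`; "no-sudo-rights" is the case where the graphical prompt accepts only an "incorrect password".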