Vista, Leopard, Linux to compete in hack contest

By Tom Espiner
Special to CNET News.com Published: February 7, 2008 7:34 AM PST

Tools

Related Stories: Year in review: Botnet gains, Web 2.0 pains
December 31, 2007; Inviting the hackers inside
December 4, 2007; Black Hat 'supersizes' in Las Vegas
July 30, 2007; Apple plugs QuickTime zero-day flaw
May 1, 2007; Mac hacked through QuickTime flaw
April 24, 2007
Related Blogs: IE also affected by $10,000 QuickTime bug
News Blog
April 25, 2007; Apple issues a security update for Quicktime 7.1.6
News Blog
May 29, 2007

Apple's OS X, Microsoft Windows, and Linux operating systems are to be pitted against each other in an ethical hacking contest in Vancouver next month.

Run by the organizers of the CanSecWest Vancouver 2008 security conference, the competition is a repeat of the "PWN to Own" contest at CanSecWest in 2007, when security researchers competed to win a MacBook Pro and $10,000. The prize was shared between security researchers Dino Dai Zovi and Shane Macauley for their successful use of a zero-day QuickTime vulnerability, which they used to compromise the MacBook. The vulnerability was subsequently found to also affect Windows platforms.

The hacking competition at CanSecWest 2008 will pit the Linux, Leopard OS X, and Vista operating systems against each other, according to CanSecWest organizer Dragos Ruiu.

"The fur is flying right now about which is more secure--Linux, Vista, or Leopard," Ruiu said on Thursday. "Linux guys have their propaganda, Windows guys are saying this and that, Apple guys have buried their heads in the sand as usual. I guess the proof is in the pudding."

The prizes for the contest will be "several laptops," according to Ruiu. When he spoke to ZDNet UK, on Thursday, the security researcher was in Tokyo partly to organize a CanSecWest event and partly to go "shopping for laptops." Ruiu had not yet decided which laptops to buy, but said he was looking for something "new and thrilling."

"We want the prizes to inspire lust amongst geeks," said Ruiu. "It's going to be something lustworthy."

Last year the $10,000 prize money was supplied by security firm TippingPoint. This year's contest still needs a sponsor, and it is possible that the nature of the contest could still change, said Ruiu, although he declined to say what other form it might take.

Tom Espiner of ZDNet UK reported from London.

More from News.com on this story's topics: Hacking
Create an email alert | RSS feed; CanSecWest
RSS feed

See more CNET content tagged:
contest, hacking, Apple MacBook, Linux, Microsoft Windows Vista

Add a Comment (Log in or register) 92 comments (Page 1 of 2)

Yee-haw! Can't wait for this!
by ejevo February 7, 2008 8:10 AM PST: Oh, this is going to be good. Let the fanbois shut up, and the results will speak.; Reply to this comment View reply
Processing

Boy can this be skewed...
by nlakin February 7, 2008 8:33 AM PST: The initial security settings set on each of these machines can vary greatly. What one expert calls "typical" security setup for each one of these OS's can greatly skew the results. They at least should have a rep from each OS to rebut/agree on a typical setting. This is like a prosecuter presenting a case to a jury without the defense having a chance to refute the evidence.; Reply to this comment View all 2 replies
Processing

Vista will have so many holes...
by supoman February 7, 2008 8:50 AM PST: It'll be like trying to plug the holes in a sponge to keep water inside.; Reply to this comment

On one condition:
by Penguinisto February 7, 2008 9:03 AM PST: That all three are set up with just their defaults. The last time something like this was done, was a contest in 1999 by Mindcraft... bought and paid for by Microsoft. You can only guess how stacked the odds were. Or, you can read the MSFT flack's admission of same for yourself - here: http://www.itweb.co.za/sections/enterprise/1999/9904221410.asp (Mindcraft's website is still up, but it's been pretty much defunct since 2003). -- This time, let's set it up with the ultimate - the defaults, patched to present with whatever patching/update program exists on each OS (All three have one). Fedora Core 8, OSX Leopard/10.5, and Vista w/ SP1. Then simply turn 'em loose with public IP addys and see what comes of it. /P; Reply to this comment View all 2 replies
Processing

Speed vs Severity
by ittesi259 February 7, 2008 9:32 AM PST: I would like to see this rated as speed and severity taken into consideration. Its one thing to say "I hacked you in 5 minutes" but no good if your hack doesn't do anything. But if you can say "I hacked you in 30 minutes and now I own your system" thats a different story. I expect all 3 will be hacked. I'd be more interested in whether or not the exploits involve a lot of user interaction like the Mac one did needing to go to a specifically crafted website. User education should in theory prevent such attacks from working, however such is not the case. As a user of Windows and Mac OS X I say only the following to fanboys of either. Both are gonna get hacked, and thats just the way it is. The only secure piece of software is one that has undiscovered bugs. For those thinking I'm a Linux fanboy for not including it, its because I don't use it myself.; Reply to this comment

Do both
by Lee in San Diego February 7, 2008 9:44 AM PST: Hack out of the box operating systems, the Joe Syxpack configuration. Then hack hardened operating systems.; Reply to this comment View reply
Processing

OS/2 Is The "Must Have" Operating System...
by Commander_Spock February 7, 2008 10:07 AM PST: ... (not "Vista, Leopard, Linux) which will compete in hack an contest) like those Golden Oldies by Elvis Presley. Was OS/2 involved it would have whooped "Vista, Leopard, Linux" hands-down. !; Reply to this comment View all 4 replies
Processing

Vista SP1?
by frankwick February 7, 2008 2:23 PM PST: Will this contest occur before or after SP1 is installed?; Reply to this comment

Real time patches and git clones
by ethana2 February 7, 2008 6:02 PM PST: I look forward to every last security vulnerability getting crushed out of linux, while microsoft and apple hobble along with their closed systems that respond in days instead of minutes to new developments. This will be entertaining.; Reply to this comment View reply
Processing

vista lose? your proof
by rdgadz February 8, 2008 6:24 AM PST: isnt ie7 still the only browser that doesn't allow writing to system files by default?; Reply to this comment