Hacker contest - Linux vs Mac vs Vista

Discussion in 'other security issues & news' started by TairikuOkami, Mar 28, 2008.

Thread Status:
Not open for further replies.
  1. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    http://cansecwest.com/post/2008-03-20.21:33:00.CanSecWest_PWN2OWN_2008
    http://dvlabs.tippingpoint.com/blog...e-have-our-first-official-winner-with-picture
    1. day - allowed an attack at system services only.
    2. day - an attack via an infected URL webpage.

    1. looser - MacBook Air exploited via a brand new 0day vulnerability in Apple's Safari web browser. The contest continues with Ubuntu 7.10 & Vista Ultimate SP1.
     
  2. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    Last edited: Mar 28, 2008
  3. wat0114

    wat0114 Guest

    Does Safari even have a version for Linux? I haven't seen one. It is an interesting contest and looking forward to the final results :)
     
  4. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    I heard that Safari is based on KDE's konqueror, so that could be a "linux version"
     
  5. wat0114

    wat0114 Guest

    You are right. A little digging and it is indeed called Konquerer, at least for Linux.
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    on day two it only took two minutes to hack the Mac airbook. that is pretty quick:ninja:
     
  7. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    A little more digging. Where there is a will, there is a way:

    http://www.ubuntu-unleashed.com/2008/03/howto-install-safari-on-ubuntu-with.html

    "Howto: Install Safari on Ubuntu with Flash and Shockwave! (Hulu, Youtube, Shockwave Works!) March 21, 2008
    "Ok ive been browser hunting and seen a lot of hype about Safari browser's speed so I decided to give it a whirl, I managed to get it install with Flash and it works very well with youtube and hulu ! Here is how I got it installed, let me know how it goes if you decide to check it out!

    http://www.howtoforge.com/installing-safari-on-ubuntu7.10-with-playonlinux

    "Installing Apple's Safari Browser On Ubuntu 7.10 With PlayOnLinux 01/18/2008
    "This guide explains how you can install Apple's Safari browser on Ubuntu 7.10. As there is no Linux version of Safari, we will run it under Wine. We will use a tool called PlayOnLinux to install Safari under Wine.
     
  8. wat0114

    wat0114 Guest

    I'll just stick with FF. All those terminal commands look a bit intimidating to me, and I'm just too new to Linux to dive into all that right now :doubt:

    Getting Flash to work in FF was a PITA. Thank goodness for Google and the answers I found to help me get it installed and working.
     
  9. wat0114

    wat0114 Guest

  10. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Only because Adobe's Flash doesn't work on it?
     
  11. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    This is cheating just a little as I am not running Ubuntu 7.10 on my laptop, but I am posting from Safari v3.1 running on Debian Etch stable via wine.

    I happened to have wine on this Debian install. I downloaded and installed mstcorefonts (a Debian package) from the Debian repository and Safari from Apple's web site.

    The Safari UI has a few glitches (mainly the menu bar text, no spaces between FileEditViewHistory...), but is very usable.
     
  12. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Actually Vista did very well, It took three days to hack it and then the hacker had to have someone install a third party software of the hackers choice and then go to a particular web site. pretty much a setup but it still took three days. In my book that is very respectable.:thumb:
     
  13. wat0114

    wat0114 Guest

    I'm running the Adobe Flash plugin 9.0.48 installer in Firefox and it's working. It was a hassle to install (had to delete some xt?? something or other file).
     
    Last edited by a moderator: Mar 29, 2008
  14. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Well, then the conclusion is that the same vulnerability probably doesn't exist on the Linux version. An Adobe flaw, not a Windows flaw, was what let the hackers finally break through.
     
  15. wat0114

    wat0114 Guest

    Would it matter if the linux Flash installer has the same exploit as the Windows version, in that it would be more difficult to exploit under Linux as opposed to Windows only because of the the way linux works?
     
  16. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    And in what way would Linux work to make this flaw any less exploitable, perchance?
     
  17. wat0114

    wat0114 Guest

    I have no idea :doubt: linux is all new to me, having used it for only a week. I'm still in very early learning mode. I've heard very little except that everything runs in a kernel and that is supposed to make it more secure than Windows?? I'm using it because it will soon be used on one of our systems at work, so i'd like to learn something about in advance :)
     
  18. solcroft

    solcroft Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    1,639
    Well, there we go.

    Popular myth used to have it that Macs were more secure than Windows, too.
     
  19. wat0114

    wat0114 Guest

    LOL! In the end, though, I guess it still comes down more to the individual using the system. Someone using Windows can run it as secure, or more secure, than someone using linux, or vise-versa. Until I learn more about Linux, there isn't too much I can comment on about it.

    *EDIT*

    sorry, just to add more. This is only speculation of course, but I figure where a Linux user could really get themselves in trouble is though careless, cavalier use of the sudo command and careless downloading through the Synaptic manager, where it is all too easy to acquire restricted (multiverse) or proprietary drivers. Just a thought.
     
    Last edited by a moderator: Mar 29, 2008
  20. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    "In the end, though, I guess it still comes down more to the individual using the system. Someone using Windows can run it as secure, or more secure, than someone using linux, or vise-versa.

    Well said wat0114. This should be a sticky.
     
  21. wat0114

    wat0114 Guest

    Thanks bktII! Too bad I can't take credit for it. It was something I took from a Linux article :D
     
  22. bktII

    bktII Registered Member

    Joined:
    Apr 12, 2006
    Posts:
    224
    "It was something I took from a Linux article

    @wat0114

    This makes it even more powerful!
     
  23. wat0114

    wat0114 Guest

    That suits me just fine :thumb: :)
     
  24. Chuck57

    Chuck57 Registered Member

    Joined:
    Sep 2, 2002
    Posts:
    1,422
    Location:
    New Mexico, USA
    So, if that 3rd party sofware couldn't be installed and they hadn't gone to a particular website, they might never have gotten into Vista?
     
  25. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
Loading...
Thread Status:
Not open for further replies.