Hacker contest - Linux vs Mac vs Vista

It's funny when any news comes out of Windows being hacked or holes found where a possible attack may occur most people I know rush to get patches, update their software or add another 37 layers of security, or at least swear a lot and jump up and down and curse MS or whoever is at fault .
So far the reaction to the outcome of this contest from most Mac aficionados that I know is to adopt the 'ostrich stance' [with several having their heads in a worse place than the sand], all dismissed it for various reasons ranging from 'meaningless to some sort of conspiracy, although there was only one person that took that line of thinking and sadly he takes that for most things.

 

Well said.

 

Are you referring to this article?

http://www.roughlydrafted.com/2008/03/29/mac-shot-first-10-reasons-why-cansecwest-targets-apple/

...and the countering:

http://www.osnews.com/story/19545/CanSecWest:_Countering_Misinformation

...and then the following update to this criticism:

http://www.roughlydrafted.com/2008/03/31/thom-holwerda-of-osnews-calls-“mac-shot-first”-misinformation-and-slander-oops/

think what an ordinary little flaw in a browser can lead to...

/C.

 

thanks for those links, you made my day.
these guys would give scientologists a good run for their money.

 

This has been a funny thread to read:
the apple fanboys go to war LOL

@BigC with respect

I suspect that Flash is one of the first apps installed by all the security conscious you tubers et al.

While I agree with the general thrust that (the challenge) is an bit of aalmost complete stunt and has got CAnSecWest far more publicity than they have paid for and afaics has almost no bearing on real day to day security : everybody rushes out to buy Linuux Laptops and desktops : installing Flash and going to a website is hardly a rare thing: I am assuming the "typical config" included UAC; I am surprised that Flash was not part of the "typical" set-up really.

From what I can see Adobe and Apple QT have had multiple and repeated flaws exposed: really a big problem given the ubiquity of both
Anybody not have both installed ??

https://www.wilderssecurity.com/showthread.php?t=204685

That aint a low level threat.

( heh the Second Life exploit for QT was a winner, lol, for those with a real life heh)

Hardly any massive spin from the Linux fora: just business as usual.
I see some of the distros have basically abandoned Flash and some even recommending strongly against it.
Roll on Gnash..
Regards

 

True, but I think what bigc was trying to point out was that it wasn't Vista itself that was actually compromised at all. The hackers had their best shot at it, and after they threw everything they had and still failed, the competition judges decided to give them some slack and allow third-party apps with known vulnerabilities to be installed.

Though for that record, I install Flash and a handful of other vulnerable apps on my XP machine, and I don't touch Windows Update. I sleep soundly at night, and I'll continue doing so.

 

Yeah, agree
but
it has to be connected and be able to actually do "stuff": "The Vista Experience": more than many had bargained for
Not much use as a doorstop.. hmmm..

"..we all live in a yellow internet.." ( apologies to L&McC)

is safari an integrated part of OsX ? or just happen to be resting there

There is an interesting page here about IE8 and some other stuff: "Martian Headsets"
http://www.joelonsoftware.com/items/2008/03/17.html
http://www.joelonsoftware.com/

Regards.
PS I've edited my previous post to qualify a bit> my brain is -marginally- faster than my typing.

 

So take up the issue with Adobe, who has yet to release a fix for their product's flaw. What are you harping on Microsoft for?

"..we all live in a yellow internet.." ( apologies to L&McC)

I would assume so. The MacBook was broken when they had yet to introduce any third-party apps. On an interesting sidenote, this would seem to indicate that IE is more secure than Safari.

 

Not, specifically, as noted Vista and ?IE7 not hackable in the first instance...just making observation re what might most often comprise a "typical" set-up

Add "Again..."

Heh: Adobe Flash as a Vista rootkit: is that what you're suggesting: back door and all via specific websites ...

 

Quote:
"I see some of the distros have basically abandoned Flash and some even recommending strongly against it.
Roll on Gnash..

If it is true that Debian (for one) has abandoned Flash, it is due to their strong position on FOSS software, not security. After all, the Linux kernel gets patched quite frequently.

For an example of an open-source security meltdown, see this:
"Linux Wins The Security Showdown! Now What?
http://www.informationweek.com/blog/main/archives/2008/03/linux_wins_the.html

Also, the Opera web browser/email client is proprietary. It is free but not open-source.

Quote:
"is safari an integrated part of OsX ? or just happen to be resting there

Safari's roots go to Konqueror, the default browser for the KDE desktop used on both Linux and BSD (as noted previously in this thread by member HURST). Here:

"Surprise: Apple's New Browser Is a Sister to Konqueror
"January 11th, 2003
http://www.linuxjournal.com/article/6565

Here is a shared vulnerability between Safari and Konqueror:

"Apple Safari / Konqueror SCRIPT tag filtering bypass
"24.01.2007
http://securityvulns.com/Hnews91.html

Based on Mac's shared heritage with BSD, it is *likely* that Safari is integrated into the OSX desktop, not the operating system. Konqueror is integrated into the KDE Desktop, not the operating system.

What if Kubuntu had been used instead of Ubuntu (or Ubuntu with the KDE Desktop installed); would they have fallen?