• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

"PWN to OWN" contest @ CanSecWest conference, VISTA & OSX hacked, Ubuntu unscathed

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.

Evilsizer

Senior Forum Spammer
Joined
Jun 6, 2002
ouch thats gotta hurt! sad to see a free os do better then something, someone is getting paid to work on.
 

Shell

Member
Joined
Jul 21, 2006
Location
CYYZ Pearson
This article is finding it's way on the wall of several computer stores.

Mac vs PC, battle for the short-bus!
 

juane414

Member
Joined
May 2, 2006
Location
Wisconsin
One could argue that Ubuntu or orther Linux distro's need some work to (in areas other then security) if it is going to be mainstream like Windows or OSX. Windows and OSX were probably at disadvantages in this competition since hackers have been attacking Windows and Mac operating systems for years while leaving Linux alone. Experienced hackers probably have a better idea of what they are doing with Vista and OSX. I completely agree that Linux is more secure then Windows and OSX, but its not because its superior, rather because its more simplified.
 

th3

Member
Joined
Aug 19, 2007
One thing i want to focus on here is the Macs vulnerability in Safari, and where did safari come from. Safari is based on code from Konqueror, which is the default browser in Kubuntu and some other KDE based Linux distros, so if you are running older versions of Kubuntu you shouldnt feel too safe. "sudo apt-get install konqueror" should upgrade it to a newer and hopefully safer version.
 

ihrsetrdr

Señor Senior Member
Joined
May 17, 2005
Location
High Desert, Calif.
One thing i want to focus on here is the Macs vulnerability in Safari, and where did safari come from. Safari is based on code from Konqueror, which is the default browser in Kubuntu and some other KDE based Linux distros, so if you are running older versions of Kubuntu you shouldnt feel too safe. "sudo apt-get install konqueror" should upgrade it to a newer and hopefully safer version.

That's interesting; I don't particularly like Safari, and the fact that it's code is based on Konqueror(another browser I don't care for) is ironic.
 

juane414

Member
Joined
May 2, 2006
Location
Wisconsin
Speaking of Safari... I really hate the fact that I keep getting an Apple update window popping up trying to get me to install Safari with my iTunes update. I keep unchecking it and it keeps coming back!

Firefox > Safari
 

Shelnutt2

Overclockers Team Content Editor
Joined
Jun 17, 2005
Location
/home/
Well as with anything if you run an older version for too long the security holes in it become larger and larger. (Speaking of old Konquer).

All in all, if I had to give a reason why Linux is more secure, it would be because everything is open source. This allows anyone to look at the code find holes and fix them. This also allows crackers to find those same whole, but in general you have more people looking at the code than in these paid companies. Also when a hack is published on the web its easier for developers or even guys like us to track down the security breach because we can go look and follow code.
 

FudgeNuggets

Member
Joined
Mar 2, 2006
Location
Gone Racing
Odd that they got to OSX and not Ubuntu, I mean the security systems are very similar. I smell a rat somewhere. It almost seems like this is skewed. How could they get to Safari and not Konqueror? Were they using Firefox on the Ubuntu machine? Did they try Firefox on the Mac? Before proclaiming chest pounding victory, I want details damnit!!!
 

Cheator

Member
Joined
Apr 21, 2004
Location
Ottawa, Canada
Odd that they got to OSX and not Ubuntu, I mean the security systems are very similar. I smell a rat somewhere. It almost seems like this is skewed. How could they get to Safari and not Konqueror? Were they using Firefox on the Ubuntu machine? Did they try Firefox on the Mac? Before proclaiming chest pounding victory, I want details damnit!!!

Oh come now, Fudge. It doesn't mean its a bad OS, just means its a little easier to crack than Ubuntu... or at least it has unpatched holes, anyway.

Konqueror wouldn't be running on Ubuntu, anyway. Not by default. It would be using FF.
 

FudgeNuggets

Member
Joined
Mar 2, 2006
Location
Gone Racing
Oh come now, Fudge. It doesn't mean its a bad OS, just means its a little easier to crack than Ubuntu... or at least it has unpatched holes, anyway.

Konqueror wouldn't be running on Ubuntu, anyway. Not by default. It would be using FF.

Ok then, so rather than saying blah blah blah blah blah OSX sux, Linux pwns and whatever moronic **** people say these days then how about giving the facts that SAFARI and possibly Konqueror has a hole in it.... The security methods used for OSX and Linux are the same, no one is more secure than the other. Windows on the other hand is a whole different mess.....

bloody slanted journalism and fanboys misrepresenting the facts......
 

Cheator

Member
Joined
Apr 21, 2004
Location
Ottawa, Canada
Ok then, so rather than saying blah blah blah blah blah OSX sux, Linux pwns and whatever moronic **** people say these days then how about giving the facts that SAFARI and possibly Konqueror has a hole in it.... The security methods used for OSX and Linux are the same, no one is more secure than the other. Windows on the other hand is a whole different mess.....

bloody slanted journalism and fanboys misrepresenting the facts......

Thats not true, and I think you're right about this misrepresentation but in the wrong way.

OSX employs proprietary software throughout that is not similar at all to what is in linux. We're not just talking on the software level, but even at low level (almost kernel). to say they are the exact same is not correct.

I think you're taking this too seriously, as OSX is not immune to security holes, nor is Linux. It just so happens that during that competition, no one hacked Ubuntu.
 

FudgeNuggets

Member
Joined
Mar 2, 2006
Location
Gone Racing
Thats not true, and I think you're right about this misrepresentation but in the wrong way.

OSX employs proprietary software throughout that is not similar at all to what is in linux. We're not just talking on the software level, but even at low level (almost kernel). to say they are the exact same is not correct.

I think you're taking this too seriously, as OSX is not immune to security holes, nor is Linux. It just so happens that during that competition, no one hacked Ubuntu.

Do you have a link to a guide or can explain the differences then, because it was my understanding that Linux and OSX both being built off of *nix builds and having similar file structures and security measures were very close to each other in kernel and security operations.

Also, the operating system did not fail, an application did.

I'm not being combatitive or anything, I just want to KNOW the differences if my fundamental understandings are incorrect. I mean that is why we're here right, share the knowledge? I am a knowledge sponge.... FEED ME!!!!

I just did a lot of searching and reading and everything I can find relating to OSX security keeps going back to the methods used in BSD and Unix which is the same that Linux uses, right?

http://developer.apple.com/internet/security/securityintro.html
 
Last edited:

Cheator

Member
Joined
Apr 21, 2004
Location
Ottawa, Canada
In my white hat hacker class we learned a few of the differences, however I can't remember any of them now ( i played wow through that class :) ).But even different distros take different security approaches.

For instance, there are some distros that allow remote connections to the local xorg server. We did this with FC5 and discovered that it was set automagically. Another example would be runlevels. Many distros differ in this respect as well...

Once again I think you're taking it to seriously. It's simply a competition, and it just so happens that OSX had unpatched holes. It happens. I don't really see any cause for alarm...