« MacBook Air Cracked First in Security Derby | Main | Curiosity Wouldn't Be Such a Bad Trait for a Legislator »

March 31, 2008

Vista Compromised to Get at a Nice Laptop

“Hacker Shane Macaulay (with the help of friends Derek Callaway and Alexander Sotirov) of Security Objectives was able to compromise and gain control of the Windows Vista laptop via a previously undiscovered flaw in the latest version of Adobe’s Flash software, allowing him to claim the Fujitsu laptop and the $5,000 cash prize. Just like the Safari flaw that Apple was informed of, the zero-day vulnerability that Shane exploited was responsibly disclosed to Adobe, which is already reportedly readying an update that fixes the vulnerability.”

“Microsoft’s Internet Explorer team should see this as a great accomplishment considering how poor IE6’s security record has been. It looks like Vista’s IE7 stood up to the challenge. Nevertheless, Vista’s fall on the last day left the Sony Vaio laptop running Ubuntu as the ultimate winner—Linux was the last OS left standing.”

Readers in the comments claim any of the three targeted machines could have gone down over the Flash exploit that claimed Vista, leaving the Mac as the only machine taken out by software that came out of the box.

Were any points really proven? No. Except, perhaps, a point assorted advocates (and zealots) alternately embrace or dance around, depending on whether it suits them:

Comparing the relative security of operating systems based on ‘sploit-counting nitpickery is just stupid. Who among average users doesn’t have Flash installed on their machine? On what planet have we not seen 13 Firefox 2 point releases come and go, only one of which addressed nothing more serious than a vulnerability of “high” criticality, all the rest of which had at least one “severe” vulnerability?

The problem with contests like this is that the people who don’t know any better than to run into the street yelling “My OS is the securest!!11!!! lolz losedowz luserz!” will continue to not know any better.

(Link)

Previously: MacBook Air Cracked First in Security Derby

E-mail   0 Comments    Digg This    add to del.icio.us

Posted by mhall at 2:07 PM | Add Comment

Leave a comment

Name

Email Address

URL

Remember personal info?

Comments (You may use HTML tags for style)

Captcha:

Type the characters you see in the picture above.