Roy Schestowitz wrote:
With Vista breached, Linux unbeaten in hacking contest
,----[ Quote ]
| The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on
| the last day of the contest; but it was Linux, running on a Sony Vaio, that
| remained undefeated as conference organizers ended a three-way computer
| hacking challenge Friday at the CanSecWest conference.
`----
http://www.linuxworld.com/news/2008/032908-with-vista-breached-linux-unbeaten.html?fsrc=rss-linux-news
Great news and good publicity.
The contest was held at a security conference that was not specific to
Linux. A $20,000 prize was offered.
http://cansecwest.com/index.html
(((((
CanSecWest 2008
The ninth annual CanSecWest conference will be held March 26-28 2008, at the Mariott Renaissance Harbourside hotel in downtown Vancouver, British Columbia.
Interact with the security community
CanSecWest, the world's most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.
2008-03-20 21:33:00 CanSecWest PWN2OWN 2008
Three targets, all patched. All in typical client configurations with typical user configurations. You hack it, you get to keep it.
Each has a file on them and it contains the instructions and how to claim the prize.
Targets (typical road-warrior clients):
* VAIO VGN-TZ37CN running Ubuntu 7.10
* Fujitsu U810 running Vista Ultimate SP1
* MacBook Air running OSX 10.5.2
This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.
Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from Tipping Point's DVLabs blog.
Quick Overview:
* Limit one laptop per contestant.
* You can't use the same vulnerability to claim more than one box, if it is a cross-platform issue.
* Thirty minute attack slots given to contestants at each box.
* Attack slots will be scheduled at the contest start by the methods selected by the judges.
* Attacks are done via crossover cable. (attacker controls default route)
* RF attacks are done offsite by special arrangement...
* No physical access to the machines.
* Major web browsers (IE, Safari, Konqueror, Firefox), widely used and deployed plugin frameworks (AIR, Silverlight), IM clients (MSN, Adium, Skype, Pigdin, AOL, Yahoo), Mail readers (Outlook, Mail.app, Thunderbird, kmail) are all in scope.
More detailed rules and fine print will be available on this site shortly.
)))))
|
|
