Linux wins at CanSecWest

AWS

On the final day of the PWN 2 OWN contest, only the Linux box was left standing.

Vista fell after 2 days of intensive effort; the winner used a flaw in the Java runtime to gain control of the Windows box. It wasn't all plain sailing though: Shane McCauley needed help from VMware's Alexander Sotirov to get his code working. Apparently, Vista SP1 comes with additional security measures that he wasn't expecting. He also got a little help from co-worker Derek Callaway (does this mean they share the computer they won?).

McCauley had this to say about his win:

PC World wrote: "The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."

He chose to work on Windows because having done contract work for Microsoft, he's more familiar with their products.

But onto the winner!

Several attendees attempted to crack the Linux box, but none were successful. However, some of the show's 400 attendees had found bugs in the Linux operating system, but apparently didn't want to put the work into developing the exploit code that would be required to win the contest.

Now what is that all about? I thought the whole idea of open source was to get this sort of thing out into the open.

Still a good effort that shows that two other vendors still have some work to do.

McCauley also had something to say about the Mac's showing at the event.

PC World wrote:
Earlier, Miller said that he chose to hack the Mac because he thought it would be easiest target. Vista hacker Macaulay didn't dispute that assertion: "I think it might be," he said.

Full details at PC World


Now I imagine there is going to be some debate as to whether this is actually a Vista flaw, or a problem with Java. I would say both. The problem is caused by Sun, but it is also Microsoft's job to protect the user from weird behaviour in applications. I wonder if we're going to see increasing use of virtual machines for hijacking purposes.






