iTWire - Two out of three ain't bad

TAG

Two out of three ain't bad

by Stephen Withers
Monday, 31 March 2008
Page 1 of 3 ! Of the three notebooks up for grabs in the PWN2OWN competition at CanSecWest, only two were hacked and won. But what does that say about the security of the operating systems they were running? Not a lot, I'd suggest. Firstly, none of the computers were compromised on the first day, which only allowed remotely exploitable vulnerabilities with no user interaction. That's the good news - it implies that the days of our computers being vulnerable to takeover just because they were connected to the Internet are over. Secondly, you shouldn't read too much into reports about how little time any particular team took to break into a system. It's safe to say that hours of work went into developing the winning attacks, and that anyone capable of finding an suitable exploit would also be able to put together a tool that at least partially automates an attack. Indeed, winner Charlie Miller told Computerworld that "It took us maybe a week altogether". Nor is there any significance in how early in the day any particular computer was won. Teams were randomly allocated 30 minute slots to attempt their hacks, and once someone had succeeded no further exploits were accepted. << First page < 1 2 3 Next page > Last page - Post your comment >>

< Next story in category		Previous story in the category >