Not even worth pwning

-
Just as I had wondered when I read the headline about how Linux was the last OS standing, confirmation comes this week from the gal who oversaw the contest and whose company put up the cash prizes. This comment is choice:
"It was actually a lack of interest" on the part of the PWN to OWN contestants, Forslof said. "[Shane Macaulay's] exploit would have worked on Linux. He could have knocked it over. But [the contestants] get a lot more mileage out of attacks on the Mac or Windows," she continued.

"Linux, it is what it is. The code is a lot more transparent. But vulnerabilities for Mac and Windows, those are the ones that are going to get the press," Forslof added.
Translation: Ubuntu (Linux) is as flawed as Windows and Mac OS X, but its greatest flaw is that it's just so damn boring.

I wonder if this is also an indirect slap to the faces of folks like RMS and others who keep preaching the way of GPL and how sinful it is not to be one with GPL. I know I get tired of hearing it.

Oh. And for those of us who keep hammering about Windows' lack of security, this equally interesting quote:
"The sheer amount of difficulty [he had] exploiting that Flash vulnerability shows that Microsoft has started to make it more difficult for the bad guys," Forslof said when asked to draw some conclusions from PWN to OWN.

"Some of [Microsoft's] defense-in-depth strategies put a kink in the exploit. Everything is breakable, everything is exploitable, but what we'd like to do is narrow the group of people who can do it by making it harder for them," Forslof said.
The question I have is just how much the security bar has been raised. Was it hard because there have been real advances in security, or because there aren't enough Vista boxen out there yet to make it economically worthwhile? I certainly hope that the easy days of pwning legions of Windows boxen for massive bot nets may be coming to an end. If it is, then it's about time.

Comments

Post a Comment

All comments are checked. Comment SPAM will be blocked and deleted.

Popular posts from this blog

A Decade Long Religious Con Job

-
Image
I rarely write inflammatory (what some might call trolling) titles to a post, but this building you see before you deserves it. I've been seeing this building next to I-4 just east of Altamonte/436 and Crane's Roost for nearly 12 years, and never knew who owned it. Today on a trip up to Lake Mary with my wife I saw it yet again. That's when I told her I wanted to stop by on the way back and poke around the property, and photograph any parts of it if I could. What I discovered was this still unfinished eighteen story (I counted) white elephant, overgrown with weeds and yet still under slow-motion construction. It looks impressive with its exterior glass curtain walls, but that impression is quickly lost when you see the unfinished lower stories and look inside to the unfinished interior spaces. A quick check via Google leads to an article written in 2010 by the Orlando Sentinel about the Majesty Tower. Based on what I read in the article it's owned by SuperChannel
Read more

Ten Reasons to Ignore Ten Reasons to Dump Windows and Use Linux

-
There is a tradition amongst the hard-core Linux aficionados to extol Linux's various virtues as a list of 10 or more reasons to substitute (as in "dump") an existing Windows installation with Linux. There's no reason to point them all out; a simple Google search (" 10 reasons to use Linux ") will provide you with such lists stretching back through the years, as well as hours of entertainment. One very recent list caught my eye over the weekend, published by PCWorld. Their article, " Ten Reasons to Dump Windows and Use Linux ", seems to have hit a nerve with me. Normally I just ignore such journalistic pap, since the majority of it comes courtesy of one ill-informed blog or another (such as this one). But in this instance a "real" publication put some time and journalistic "credibility" into this list, which places it in front of a wider audience than the typical blog poist (again, such as this one). So let's consider al
Read more

Former Eclipse user re-evaluates Eclipse 3.3M5

-
Image
I've been using NetBeans for a while now, starting with version 4.2 in beta. One of NetBeans' key selling points (in my not-so-humble-opinion) is Java GUI building with Matisse . That feature continues to be quite powerful and unrivaled, especially for a free-as-in-beer IDE. I even wrote a lovely paean to the wonders of NetBeans and why I moved away away from Eclipse to NetBeans . Now, it looks like I may have to eat some of those tastefully written words. What you're looking at above is a complete Ruby on Rails project hosted and running within Eclipse 3.3 Milestone 5 on Windows XP. Milestone 5 was released this past Friday, February 9th. I installed it Saturday, and then went on a plugin hunt to fill out additional features and capabilities. Why did I decide to re-install Eclipse, especially a milestone? So that I could get a complete integrated development and test capability in one convenient package for Ruby on Rails. Like a lot of other folks I've been playing
Read more