Thursday, April 03, 2008

Not even worth pwning

Just as I had wondered when I read the headline about how Linux was the last OS standing, confirmation comes this week from the gal who oversaw the contest and whose company put up the cash prizes. This comment is choice:
"It was actually a lack of interest" on the part of the PWN to OWN contestants, Forslof said. "[Shane Macaulay's] exploit would have worked on Linux. He could have knocked it over. But [the contestants] get a lot more mileage out of attacks on the Mac or Windows," she continued.

"Linux, it is what it is. The code is a lot more transparent. But vulnerabilities for Mac and Windows, those are the ones that are going to get the press," Forslof added.

Translation: Ubuntu (Linux) is as flawed as Windows and Mac OS X, but its greatest flaw is that it's just so damn boring.

I wonder if this is also an indirect slap to the faces of folks like RMS and others who keep preaching the way of GPL and how sinful it is not to be one with GPL. I know I get tired of hearing it.

Oh. And for those of us who keep hammering about Windows' lack of security, this equally interesting quote:
"The sheer amount of difficulty [he had] exploiting that Flash vulnerability shows that Microsoft has started to make it more difficult for the bad guys," Forslof said when asked to draw some conclusions from PWN to OWN.

"Some of [Microsoft's] defense-in-depth strategies put a kink in the exploit. Everything is breakable, everything is exploitable, but what we'd like to do is narrow the group of people who can do it by making it harder for them," Forslof said.

The question I have is just how much the security bar has been raised. Was it hard because there have been real advances in security, or because there aren't enough Vista boxen out there yet to make it economically worthwhile? I certainly hope that the easy days of pwning legions of Windows boxen for massive botnets may be coming to an end. If they are, then it's about time.
