Wednesday, April 2, 2008

Pwn to own

In CansecWest Conference they created a contest where there were three machines with 3 differents OS's. The one who managed to pwn one of them, will win money and the machine.

Well now the contest is over and the results are this:

1- MacBook Air running OSX 10.5.2 - Charlie Miller - Exploited a Safari bug
2- Fujitsu U810 running Vista Ultimate SP1 - Shane Macaulay (Security Objetives) -

Ubuntu standed strong in the contest and nobody managed to own it. The question is, someone went after the Ubuntu? or everybody concentrated their efforts on the more deployed OS's?

Now everyone will start saying that Linux is stronger than the others, but i don't think that one
contest like this could be used in the war of "Which OS is more secure?"

Also is interesting seeing how in a little time (48hs) when money is put in the game new vulnerabilities are founded.

Charlie in action:



More information here
Video of Charlie Miller after pwning OS X
By -

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...

  • Scan for shellshock with wfuzz
    In the last few weeks everyone has been talking about Shellshock, the vulnerability affecting bash and having security ramifications everyw...
  • Wfuzz 2.1 released !
    I'm pleased to announce  a new version of WFuzz! Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for findi...
  • Scanning ports through SSH Port Forwarding
    In one of the latest penetration tests we faced a SSH server that was based in Maverick SSHTOOLS. The funny thing is that this server was ...