Feeds

Only Ubuntu left standing, as Flash vuln fells Vista in Pwn2Own hacking contest

Contestant overcomes bout of 'hacktile dysfunction'

Protecting users from Firesheep and other Sidejacking attacks with SSL

CanSecWest A laptop running a fully patched version of Microsoft's Vista operating system was the second and final machine to fall in a hacking contest that pitted the security of Windows, OS X and Ubuntu Linux. With both a Windows and Mac machine felled, only the Linux box remained standing following the three-day competition.

Shane Macaulay, who played a hand bringing down a Mac during last year's Pwn2Own contest, defeated the Vista machine using a previously unknown vulnerability in Adobe Flash. On final day of the CanSecWest conference in Vancouver, Macaulay spent the better part of four hours trying to get the exploit to work. (The delay prompted one spectator to playfully dub the difficulty "hacktile dysfunction.")

A MacBook Pro running a fully patched version of Leopard was the first to drop out during day two of the race, when researchers from Independent Security Evaluators demonstrated a previously unknown vulnerability in Apple's Safari browser. With brand new boxes running both Ubuntu and Vista remaining, Macaulay spent day three switching back and forth between the two machines, trying to get his Flash exploit to execute properly. He was assisted by Alex Sotirov, a security researcher at VMware.

Initially thwarting Macaulay's efforts was the recently released Service Pack 1 for Vista, which he had neglected to install when testing the Flash exploit in the days leading up to the contest. Per the contest rules, each target machine had to be fully patched, and when the researcher first ran the code during the competition, new page protections added by Microsoft's security team prevented the exploit from properly executing.

"They had done some stuff in Vista to prohibit this form of attack from being successful on third party software," Macaulay said minutes after he finally commandeered the Fujitsu U810 laptop. "We had to do some porting to get around that issue."

Macaulay and Sotirov fashioned some javascript to circumvent the new measure, a feat that effectively allows them "to render that protection ineffective," Macaulay said.

It also allows them to pocket a $5,000 bounty from Tipping Point's Zero Day Initiative and keep the pricey Fujitsu laptop. Macaulay said he would probably sell the machine, which he and Sotirov autographed with a black Sharpie pen, on eBay.

Under contest rules, qualifying exploits on day one had to target default installations of the operating system itself and winners were allowed to walk away with the hacked box and a $20,000 bounty. Contest organizers gradually expanded the eligible attack surface on days two and three by allowing an vulnerabilities in an increasing number of third party applications. The bounty dropped to $10,000 on day 2 and $5,000 on day three. No one bothered competing on day one.

Plenty of commentators have made hay of the MacBook Pro being the first to exit the race, and Linux zealots are sure to conclude the contest results prove the superiority of that platform. Maybe. But that's not how it looks to Macaulay, who says with a few hours of tweaking, his exploit will also work on OS X and Linux.

The better take-away is that exploits like these are a fact of life for everyone no matter what kind of machine they choose (are you listening, Mac Guy?). Another lesson: just as quickly as Microsoft or any other developer adds new measures like page protection to their code base, hackers, ethical and otherwise, are find ways to work around them.

"Nobody can do anything about it, because you're always going to be installing something" that will bypass security, Macaulay, who wore torn blue jeans and a Puma jogging jacket, said with a shrug. "If it's not Java, it'll be something else." ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.