Ubuntu unpwned as CERN prepares to destroy Earth

And mobe explodes teacher


After three days of determined hacking and pwning, during which time the Mac and then the Windows machine toppled, only the box running Ubuntu remained standing. The Pwn2Own contest at CanSecWest pitted the three machines against hackers, with the prizes being the computers themselves. Cue smug Linux users and apologists of the other two camps. And the odd impartial commenter, of course:

The only machine truly secure from remote exploits is the one not connected to the Internet and locked in a vault.

Additionally, the user is as important a part of the machine's security as the OS is, if not more. All the security in the world won't protect a user from their own actions.

Dive Fox

Whether it's Flash or Nvidia drivers, proprietary code is a security problem. It's all right when it works, but I'd feel safer if all those who put these little black boxes in the Linux platform would open source them, or be replaced with things like Gnash (when it's finished) and the Nvidia Nouveau driver.

Otherwise there will always be something you'll never be sure of security wise.

Martin Owens

Be nice to know how many hours were spent on creating each hack.

That would give some indication of a) the difficulty of finding the exploit and b) any hacker bias for/against an OS, as I doubt equal time was spent on the Linux hack; it's much more sexy to hit the big guys.

toxic monkey

Although this competition does have some interesting and useful points - and a largely unnoticed one is that "new and shiny" doesn't always equate to "safe and sound" (pricey new hardware and OS often are "protected" for a while by their scarcity on the ground) - it pretty much sews up what most IT professionals have known for years: a "home" platform, regardless of its merits, will fall to a determined hack when it is attacked. This is why major ISPs are removing as much damaging capability on their consumer networks as quickly as possible. Reduce the attack surface from the little farmers with their pitchforks and torches, and everyone can sleep tonight.

Hence the topic: what about a serious server pwn2own contest? Get three major server vendors - like IBM, HP, Sun, etc. - to provide a nice mid-class server platform configured for a "typical" firewall task. A web server, mail server, ecommerce server, etc. Three different OS and hardware platforms (Power/AIX, Intel/Windows, SPARC/Solaris), also patched and configured by the vendors to spec. Then let the games begin: whoever can get the target server to spew unauthorized scripting (should be a suitably innocuous script provided as the test piece by the event organizers) wins. Get the vendors to kick into the kitty for a prize (most competitors won't REALLY want a blade server and disk farm to take home, will they?) and see what comes out of this.

I think this would be an important twist in that we'd see what the world would look like if it were reduced to a Utility Computing cloud, with end-users effectively defanged and all work housed inside the Fortress Data Center. I'm sure the result would show the World is not safer in the castle than it is in its huts today. But the lesson needs to go on record just the same.

Mine's the delivery order with 2 pizzas and a twelver of stout, wrapped in the thermal blanket...

Brett Brennan

In a damning indictment of the safety of wireless technology, a recent controversial experiment saw a teacher's head actually explode when exposed to a deadly cocktail of Wi-Fi transmissions, mobile phone radiation and emissions from a nearby TETRA mast. Okay, not really. But we had some of you going. Admit it.

I've just taken a sledgehammer to my wireless router. I'm now in a Wi-Fi cold spot.


It's all down to focussed microwave radiation.

The phones were acting as an antenna that drew in and focussed the radiation from the school's industrial strength microwave oven (anyone having tried microwave popcorn in one will know that the bag catches fire in a minute or two).

The nature of the phone signals means that the microwave radiation is reverse-phased, which defeats the normal shielding.

The focussed radiation then rapidly boils the fluids in the brain resulting in the usual 'egg in a microwave' situation.

Elmer Phud

" .. In the interests of good taste the Reg has refrained from linking to the vid. .. "

You blew it! I was totally suckered in until you gave the game away with that completely ridiculous suggestion!

Anonymous Coward

Many years ago, The Guardian published a story about a new automated bus control system for London. All buses were to be driverless, and controlled remotely by operators who would view the traffic through a CCTV mounted in the driver's cab, connected in real time to a video screen in the control centre. One operator in the centre would be able to control up to five buses simultaneously, tests had shown.

I was so taken in, I nearly posted it to risks@csl.sri.com

A few years later, a net-friend who was an aviation specialist published a story that the flight crew on an Airbus A320 had experienced an outage of the flight control system on approach to landing. When they tried to restart the system, it gave a message saying "PIN not recognised". Apparently, this was due to Airbus using second-hand ATM chips to build their on-board systems.

The "incident" turned up a few months later in the final year undergraduate dissertation of one of my software engineering students, quoted without irony as an example of the risks from computer systems.

A few years after that, I broadcast my own story that Airbus had subcontracted the maintenance of the flight control software on the A320 to a third-party support firm. I had just returned from a meeting in Copenhagen, and said I had seen the story in the Danish magazine "Godaj" ("Hello" in Danish). I said that the head of the third-party support firm was Wolf Larssen (the villain of "The Sea Wolf" by Jack London) and quoted him as saying that he was not worried that the original developers of the flight control system would not give him the source code, since his employees could download the binary and de-compile it.

At least three experts in safety-critical avionics were totally taken in and expressed their concern to the discussion group on which I had broadcast the story. I was still receiving concerned enquiries 5 years later from people who had read it in the archives, and hadn't noticed the date on it.

Moral: Make the spoofs believable, but perhaps not *too* believable! :-)

Peter Mellor
