The MacBook Air went first; a tiny Fujitsu laptop running Vista was hacked on the last day of the contest; but it was Linux, running on a Sony Vaio, that remained undefeated as conference organizers ended a three-way computer hacking challenge Friday at the CanSecWest conference.

Read story.

This comment is a tad disingenious:The mac went via safari, and vista via java.
We really need to know more about how the boxes are set up.
http://www.pcworld.com/article/id,14...1/article.html
... thus, it's amazing the linux box wasn't hacked. Maybe nobody wanted it?

http://www.pcworld.com/article/id,14...1/article.html
... bin more detail. Not so much "nobody was able to " on day one, and more "nobody even tried".

Come on Simon Bridge, now your trying to be a wise A__, heh heh!!

Day one only allowed remote attacks over the network. As in, they would have had to pretty much brute force their way in. The systems only started to fall when the contest organisers were told to visit websites, probably why the Apple went first as there was a vulnerability only patched a few days ago.

It's a real world test - as far as that's possible in a contest. In reality, a cracer would be more likely to set up a website to have people give them info than spend time crafting a remote exploit which may get patched as they're writing the crack.

Maybe, but then again~

http://www.pcworld.com/article/id,14...1/article.html

What I assumed from this and other articles is that they had to find their own bugs in the OSes, then write the exploits.

Cheers

Good point. I guess it's hard to craft a new exploit remotely if you can't get into the system!

The systems were supposed to be default installs, a flaw in any installed package was counted as a flaw in the OS. Another surprise for the linux end with all it's extra packages.

However, one could craft an exploit by having another default install handy. The trick is, it had to be new, so you also needed to know which exploits had been tried already.

Whatever, I did post the links off to BADVista.

Exactly, and the Vista hacker assumed that to mean 'original version', when in fact, he was given sp1 with new security enhancements. That's why it took so long to break it, but he still managed to do so.

Why is that such a surprise? From your own previous post~

I researched Linux for a long time before I decided to switch, and the one aspect that kept popping up is that it can be hacked, but it's not worth the effort. In other words, it takes too much work for so little gain, considering you can't really do much once you're in. (Unless the logged-in user is running as root). I thought that was intentionally incorporated into the design of the system. Am I wrong?

Now, that's worth reading!

Cheers