Windows 7 hacked in 2 minutes - Twice
Rex Ballard
<quote>
When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully
exploited a vulnerability in IE8 running on Windows 7 with attack code
called "technically impressive" by TippingPoint because it bypassed
the operating system's Data Execution Prevention, or DEP, security
mechanism, which is designed to stop most attacks.
Like Miller, Vreugdenhil, a freelance vulnerability researcher from
the Netherlands, earned a $10,000 prize.
Another former winner, a German computer science student known only by
his first name, Nils, was awarded $10,000 for hacking Firefox on
Windows 7.
</quote>
I didn't see any mention of successful Linux pwns
Of the browsers set up as targets for the contest, only Google's
Chrome remained standing on the first day.
Clogwog
news:7e93d335-e195-4425...@i25g2000yqm.googlegroups.com...
>
>
> http://www.computerworld.com/s/article/9174101/Hacker_busts_IE8_on_Windows_7_in_2_minutes?source=CTWNLE_nlt_dailyam_2010-03-25
>
> <quote>
> When his turn came, Pwn2Own newcomer Peter Vreugdenhil successfully
> exploited a vulnerability in IE8 running on Windows 7 with attack code
> called "technically impressive" by TippingPoint because it bypassed
> the operating system's Data Execution Prevention, or DEP, security
> mechanism, which is designed to stop most attacks.
>
> Like Miller, Vreugdenhil, a freelance vulnerability researcher from
> the Netherlands, earned a $10,000 prize.
>
> Another former winner, a German computer science student known only by
> his first name, Nils, was awarded $10,000 for hacking Firefox on
> Windows 7.
> </quote>
>
>
> I didn't see any mention of successful Linux pwns
No obviously not, there was simply no Linux system at Pwn2Own
http://bit.ly/dynxr5
(poorly translated by Google)
[q]
Linux
Like previous years, Linux is the great absent again Pwn2Own during the
game. This has nothing to show that it is difficult to hack Linux. "It is
probably easier, although this does depend on the Linux version you are
talking about," says Miller. The reason Linux is not taking part because few
people on the desktop. In addition there are the leaks in the browser and
running on both Windows and Linux.
[/q]
Pwn2Own is not interested in Linux, it's so easy to hack, (says Miller), no
challenge to do such a trick!
Just like Unix guru Andy Tanenbaum wrote:
[q]
"most attackers think hitting Windows offers a bigger bang for the buck so
Windows simply gets attacked more."
[/q]
http://lists.virus.org/securecoding-0405/msg00035.html
Rex Ballard
> "Rex Ballard" <rex.ball...@gmail.com> schreef in berichtnews:7e93d335-e195-4425...@i25g2000yqm.googlegroups.com...
> > I didn't see any mention of successful Linux pwns
> No obviously not, there was simply no Linux system at Pwn2Ownhttp://bit.ly/dynxr5
> (poorly translated by Google)
That explains why it was not mentioned.
> [q]
> Linux
> Like previous years, Linux is the great absent again Pwn2Own during the
> game. This has nothing to show that it is difficult to hack Linux. "It is
> probably easier, although this does depend on the Linux version you are
> talking about," says Miller. The reason Linux is not taking part because few
> people on the desktop. In addition there are the leaks in the browser and
> running on both Windows and Linux.
> [/q]
I've heard this claim numerous times, yet I have yet to see someone
successfully pwn a properly configured Linux system.
I suppose it couldn't be that difficult, since someone cracked the Mac
in 8 seconds last year. What did Apple do, set the root password to
root or something?
> Pwn2Own is not interested in Linux, it's so easy to hack, (says Miller), no
> challenge to do such a trick!
Again, not much record of successful hacks. Given the millions of
Linux servers out there, you'd think someone would have cracked a few
thousand at the same time by now.
Most "successful cracks" involve bone-head configurations in which the
machine has been set up exactly the way utilities like rsh and rlogin
tell you NOT to set it up. Classic bone-head plays include things
like setting the wild card in hosts.equiv, letting people ftp
executable files to the cgi-bin directory, and setting up signed java
applets to accept a developer key as a fully validated key.
> Just like Unix guru Andy Tanenbaum wrote:
> [q]
> "most attackers think hitting Windows offers a bigger bang for the buck so
> Windows simply gets attacked more."
> [/q]http://lists.virus.org/securecoding-0405/msg00035.html
Yes, but I would think that Microsoft would pay a handsome bounty to
be able to say that Linux was hacked in 8 seconds. If that's actually
possible.
> > Of the browsers set up as targets for the contest, only Google's
> > Chrome remained standing on the first day.
Congratulations to Google.
Clogwog
news:201003252031...@smtp.cobalt.loc...
> Rex Ballard "contributed" in comp.os.linux.advocacy:
>
>> Windows 7 hacked in 2 minutes - Twice
>
> It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up the
> hack. If he only took one vulnerability, it would take up to 55 minutes to
> achieve his goal. At least, the guy is Dutch.
> ;-)
>
>
I bet he could crack *any* Linux distro in 10 minutes!
http://bit.ly/dynxr5
poorly translated by Google
(According to security expert Charlie Miller)
[q]
Linux
Like previous years, Linux is the great absent again Pwn2Own during the
game. This has nothing to show that it is difficult to hack Linux. "It is
probably easier, although this does depend on the Linux version you are
talking about," says Miller. The reason Linux is not taking part because few
people on the desktop. In addition there are the leaks in the browser and
running on *both* Windows and *Linux* .
[/q]
Let's wait for COLA cretin nr. 1 & self anointed "security expert", Peter
Kohlkopf, to deny what the *real* expert said.
<chuckle>
--
How to write a Linux virus in 5 easy steps
http://www.geekzone.co.nz/blog.asp?postid=6229
Rex Ballard
> "John Holmes" <nospam.13i...@gmail.com> schreef in berichtnews:201003252031...@smtp.cobalt.loc...
> > Rex Ballard "contributed" in comp.os.linux.advocacy:
> >> Windows 7 hacked in 2 minutes - Twice
> > It wasn't hacked -twice-, he just took 2 vulnerabilities to speed up the
> > hack. If he only took one vulnerability, it would take up to 55 minutes to
> > achieve his goal. At least, the guy is Dutch.
> > ;-)
I thought two different people won awards and laptops for pwning -
maybe I misread.
> I bet he could crack *any* Linux distro in 10 minutes!
I'd like to see him try. Anyone can SAY they can do something.
Actually DOING it is harder.
> poorly translated by Google
> (According to security expert Charlie Miller)
> [q]
> Linux
> Like previous years, Linux is the great absent again Pwn2Own during the
> game. This has nothing to show that it is difficult to hack Linux.
Actually, it proves nothing either way. For whatever reason, they
sponsors of the contest didn't want to risk their laptops to Linux.
Never mind that millions of Linux and UNIX servers risk far more than
the cost of a laptop. Many *nix systems process millions of dollars
per minute, some even millions of dollars per second. A successful
hack would be catastrophic - it would make headlines - it would
probably also result in federal prosecution.
> "It is
> probably easier, although this does depend on the Linux version you are
> talking about," says Miller.
So he really doesn't know one way or the other.
> The reason Linux is not taking part because few
> people on the desktop.
Or because the sponsors didn't want Linux to be there - and survive.
Microsoft was really hoping they would do much better.
After all, last year, a Mac was hacked in 8 seconds.
Made Vista look pretty good - for a few days anyway.
If Linux did as well as Chrome, and lasted through the first whole
day, that would be really embarrassing for BOTH Microsoft and Apple.
> In addition there are the leaks in the browser and
> running on *both* Windows and *Linux* .
> [/q]
The one that I can think of is signed Java applets. The browser could
run one of those and it would get out of the JVM "sand-box" - but it
would only be able to muck with the user's home directory.
> Let's wait for COLA cretin nr. 1 & self anointed "security expert", Peter
> Kohlkopf, to deny what the *real* expert said.
> <chuckle>
Actually, the real expert said he didn't know.
He THINKS it MIGHT be easy to gain root access and control of a Linux
system because it runs FireFox. He didn't say he was willing to
demonstrate in front of the reporter.
> How to write a Linux virus in 5 easy stepshttp://www.geekzone.co.nz/blog.asp?postid=6229
Rex Ballard
http://www.open4success.org
GreyCloud
> On Mar 25, 2:58 pm, "Clogwog" <BWAHAHAH...@BWAHAHAHAAA.LOL> wrote:
>> "Rex Ballard" <rex.ball...@gmail.com> schreef in berichtnews:7e93d335-e195-4425...@i25g2000yqm.googlegroups.com...
>
>
>>> I didn't see any mention of successful Linux pwns
>
>> No obviously not, there was simply no Linux system at Pwn2Ownhttp://bit.ly/dynxr5
>> (poorly translated by Google)
>
> That explains why it was not mentioned.
>
>> [q]
>> Linux
>> Like previous years, Linux is the great absent again Pwn2Own during the
>> game. This has nothing to show that it is difficult to hack Linux. "It is
>> probably easier, although this does depend on the Linux version you are
>> talking about," says Miller. The reason Linux is not taking part because few
>> people on the desktop. In addition there are the leaks in the browser and
>> running on both Windows and Linux.
>> [/q]
>
> I've heard this claim numerous times, yet I have yet to see someone
> successfully pwn a properly configured Linux system.
>
> I suppose it couldn't be that difficult, since someone cracked the Mac
> in 8 seconds last year. What did Apple do, set the root password to
> root or something?
>
They may have done so.
The really odd thing is that in 6 years I've yet to get hit by any kind
of malware. I've seen social engineered tricks in getting you to
install some software, but then one had to do chmod +x file and then run
it. I've also not seed one virus hit my macs. Maybe I'm using the
wrong kind of bait.
Anyway, there is an article that shows that AV software on OS X causes a
lot of os problems and it isn't worth it.
Of course a while back, these same hackers never could gain entry to
VMS. And they've tried for three days with no luck.