The annual CanSecWest security conference hacking contest ‘PWN2OWN’ caused a bit of a stir last week when a suspected Safari browser exploit allowed a MacBook Air to be hacked in just two minutes. It took a fair bit longer, but on Friday Windows Vista Ultimate SP1 running on a Fujitsu U810 finally fell to the efforts of Shane Macaulay, a consultant with Security Objectives.
Macaulay apparently used a zero-day vulnerability exploit found in Adobe’s Flash Player. Microsoft’s reputation shouldn’t be too badly shaken though because the machine stood up to both the first day and second days of attacks. On day three the rules were relaxed yet further to allow the use of ‘popular’ third party software Adobe Acrobat Reader and Flash Player, Firefox and Skype.
In particular, Internet Explorer 7 salvaged back some of the respect Microsoft lost with the poor security record of IE6. However, if you really want to be safe while you surf, it’s high time you learned to use Linux. Ubuntu, an operating system that is completely free to download and use, remained obstinately unhacked at the end of the contest.