dvlabs.tippingpoint.com — "7:30pm PST Update - Vista Laptop was Won!: Congratulations to the team of Shane Macaulay and Derek Callaway (both from Security Objectives) and Alexander Sotirov! - they have just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash" Only Ubuntu was left standing!
Mar 29, 2008
grumpyrain Mar 30, 2008
And I think it is important to differentiate between IE for XP and earlier, and IE on Vista. On Vista, IE specifically uses a security token with SFA privileges. I mean it cannot even download a file to the desktop for itself, but instead requires a broker application to act as a middleman. I have little reason to be convinced that, security-wise, IE7 is light years ahead. I do however believe that exploiting the host OS through IE7 is no simple feat, because the compromised IE7 process isn't allowed to meddle with even user level files, let alone root level settings. The memory corruption bug in Safari allowed arbitrary remote code execution (bad). The same flaw under IE7 on Vista would have allowed arbitrary remote code execution within its extremely limited sandbox. The Safari flaw not only allowed access to the user level files, but clearly must have found some way to elevate itself to a point where a remote term session was possible (double bad).
Closed Account Mar 31, 2008
"You should read a little bit more about what the purpose of protected mode is before replying." You're right. I'm sorry. "Protected mode prevents both IE and its plugins from accessing virtually any files on the system. This *includes* Flash. If Flash is accessing stuff outside of this sandbox, it *is* a problem of the sandbox itself, not Flash." If that is true, then I agree that Vista was exploited.
mrsteveman1 Apr 8, 2008
I've never owned an ATI card in my life, my laptop is an i945 and my old desktop was an NV5200fx. Both are very poor drivers despite being officially supported by the manufacturer. The Intel driver is about 5 years behind the rest of the world, and the Nvidia driver is an afterthought for the company.
mycl Apr 10, 2008
actually, it's: Linux>Windows=Macs but: Linux "fanboys">Windows "fanboys">Mac fanboys (real fanboys) seriously, there is nothing more annoying than a mac fanboy that makes a perfectly good os look bad.
mycl Apr 10, 2008
dude, the prize money (for the first couple of days) is worth more than any of the laptops. highly doubt the main aim is to get the laptop they desired. besides, prefer a fujitsu over a vaio? and how do you know if ubuntu had trouble with the vaio wifi?
mycl Apr 10, 2008
actually the mac *did* get hacked out of the box