Overclock.net › Forums › Industry News › Software News › [TPoint]Vista hacked in PWN-to-OWN
New Posts  All Forums:Forum Nav:

[TPoint]Vista hacked in PWN-to-OWN

post #1 of 76
Thread Starter 
Quote:
Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.
source

Ubuntu wins
OC in progress...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PII x3 720 BE @3.8ghz TA790gx 128m GTS 250 @ 800/1944/1230 2gb Gskill DDR2 1066 
OSPowerCase
W7/xp Corsair 400CX CM Mystique 
  hide details  
Reply
OC in progress...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PII x3 720 BE @3.8ghz TA790gx 128m GTS 250 @ 800/1944/1230 2gb Gskill DDR2 1066 
OSPowerCase
W7/xp Corsair 400CX CM Mystique 
  hide details  
Reply
post #2 of 76
The rules said you were only allowed to use software that came preinstalled.
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
post #3 of 76
Quote:
7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you'll also remember, Shane Macaulay was Dino Dai Zovi's on-site team member at last year's PWN to OWN event in which they ultimately took the top prize.

The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.
OSX was hacked because of Safari, and Vista because of Flash. I think the rules need to be revised....the hacking occurred because of an application, not the OS itself.

Also, I want to see a competition between hacking Vista x86 and Vista x64. I think the results would be a bit different, and this competition used Vista x86.
Optimus Prime
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 Gigabyte P35-DS3R eVGA 8800GTS 650/2000 2x2GB G. Skill DDR2 1000 
Hard DriveOptical DriveOSMonitor
7200.10 RAID0 (640GB) Pioneer DVD +/- RW Vista Ultimate x64 Acer 22" WS + 17" LCD 
KeyboardPowerCaseMouse
Logitech G15 Silverstone OP 650 Modified P180 for W/C Razer Death Adder 
Mouse Pad
Razer Mantis Speed 
  hide details  
Reply
Optimus Prime
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 G0 Gigabyte P35-DS3R eVGA 8800GTS 650/2000 2x2GB G. Skill DDR2 1000 
Hard DriveOptical DriveOSMonitor
7200.10 RAID0 (640GB) Pioneer DVD +/- RW Vista Ultimate x64 Acer 22" WS + 17" LCD 
KeyboardPowerCaseMouse
Logitech G15 Silverstone OP 650 Modified P180 for W/C Razer Death Adder 
Mouse Pad
Razer Mantis Speed 
  hide details  
Reply
post #4 of 76
Thread Starter 
I guess they changed the rules =/

Most general use computers have adobe flash player installed either way, and all macs come preinstalled with safari so if you're going for a realistic simulation of the average computer then this is valid imo.
OC in progress...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PII x3 720 BE @3.8ghz TA790gx 128m GTS 250 @ 800/1944/1230 2gb Gskill DDR2 1066 
OSPowerCase
W7/xp Corsair 400CX CM Mystique 
  hide details  
Reply
OC in progress...
(13 items)
 
  
CPUMotherboardGraphicsRAM
PII x3 720 BE @3.8ghz TA790gx 128m GTS 250 @ 800/1944/1230 2gb Gskill DDR2 1066 
OSPowerCase
W7/xp Corsair 400CX CM Mystique 
  hide details  
Reply
post #5 of 76
Quote:
Originally Posted by bdattilo View Post
OSX was hacked because of Safari, and Vista because of Flash. I think the rules need to be revised....the hacking occurred because of an application, not the OS itself.
agreed,
doesnt really show the integrity of the OS at all,
    
CPUMotherboardGraphicsRAM
i5 2500k Asus P67-M Pro HD 4890 2x4gb Gskill DDR3 16000 
Hard DriveOptical DriveOSMonitor
60gb Force 3 SSD + 1TB Caviar Black Samsung 22X DVD Windows 7 x64 Ultimate LG IPS 23" 
KeyboardPowerCaseMouse
Razer Black Widow Ultimate Silverstone 700W Corsair 600T Logitech G500 
  hide details  
Reply
    
CPUMotherboardGraphicsRAM
i5 2500k Asus P67-M Pro HD 4890 2x4gb Gskill DDR3 16000 
Hard DriveOptical DriveOSMonitor
60gb Force 3 SSD + 1TB Caviar Black Samsung 22X DVD Windows 7 x64 Ultimate LG IPS 23" 
KeyboardPowerCaseMouse
Razer Black Widow Ultimate Silverstone 700W Corsair 600T Logitech G500 
  hide details  
Reply
post #6 of 76
Quote:
Originally Posted by bdattilo View Post
OSX was hacked because of Safari, and Vista because of Flash. I think the rules need to be revised....the hacking occurred because of an application, not the OS itself.
Well the Mac hack was done to a 1st party application while the vista machine was hacked using a 3rd party application. This in no way means that Vista is more secure but it just goes to show you nothing is "unhackable" as the mac marketing team claims.
The Beast
(14 items)
 
  
CPUMotherboardGraphicsRAM
i7 6700k ASRock Z170 Gaming K6+ ASUS GTX 1080 Ti Strix G.Skill Tridentz DDR4 3200MHZ 2x8GB 16GB 
Hard DriveCoolingOSMonitor
Samsung 850 EVO 500GB Corsair GTX H110i Windows 10 Pro 64bit 28" Samsung 4K 
KeyboardPowerCaseMouse
Corsair Strafe RGB EVGA 1000W G2 Phanteks Evolv ATX Tempered Glass edition G700s 
  hide details  
Reply
The Beast
(14 items)
 
  
CPUMotherboardGraphicsRAM
i7 6700k ASRock Z170 Gaming K6+ ASUS GTX 1080 Ti Strix G.Skill Tridentz DDR4 3200MHZ 2x8GB 16GB 
Hard DriveCoolingOSMonitor
Samsung 850 EVO 500GB Corsair GTX H110i Windows 10 Pro 64bit 28" Samsung 4K 
KeyboardPowerCaseMouse
Corsair Strafe RGB EVGA 1000W G2 Phanteks Evolv ATX Tempered Glass edition G700s 
  hide details  
Reply
post #7 of 76
Quote:
Originally Posted by bdattilo View Post
OSX was hacked because of Safari, and Vista because of Flash. I think the rules need to be revised....the hacking occurred because of an application, not the OS itself.
An OS would be hard to hack if it had no software accessing the network. Anyway, on the first day it was only over-the-network attacks, which I suppose means there's no software installed. Nobody won, so it must be hard.

On the second day, browsers were probably authorized and that's how OSX's Safari got hacked. And Flash and other extensions were probably installed on the 3rd day.

These are part of the rules. Each day brings more vulnerabilities but lesser cash prizes.
Omicron Lyrae
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X3 720 BE @3.6 Asus M4A785TD-V EVO Sapphire HD5770 V2 OCZ 2x2GB Gold DDR3-1333 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB Sony Lightscribe DVD-RW Windows 7 Professional 64-bit AOC F22+ 1080p 
KeyboardPowerCaseMouse
Cherry Scissor Switch Flat Keyboard OCZ StealthXstream 600W Cooler Master Elite 334 Microsoft Sidewinder 
  hide details  
Reply
Omicron Lyrae
(13 items)
 
  
CPUMotherboardGraphicsRAM
Phenom II X3 720 BE @3.6 Asus M4A785TD-V EVO Sapphire HD5770 V2 OCZ 2x2GB Gold DDR3-1333 
Hard DriveOptical DriveOSMonitor
Samsung Spinpoint F3 1TB Sony Lightscribe DVD-RW Windows 7 Professional 64-bit AOC F22+ 1080p 
KeyboardPowerCaseMouse
Cherry Scissor Switch Flat Keyboard OCZ StealthXstream 600W Cooler Master Elite 334 Microsoft Sidewinder 
  hide details  
Reply
post #8 of 76
Quote:
Originally Posted by bdattilo View Post
OSX was hacked because of Safari, and Vista because of Flash. I think the rules need to be revised....the hacking occurred because of an application, not the OS itself.

Also, I want to see a competition between hacking Vista x86 and Vista x64. I think the results would be a bit different, and this competition used Vista x86.
So what if they used an application ... honestly. Who uses a OS with no applications running?
post #9 of 76
At least it took longer than 2 minutes

Honestly, the only secure computer is one which is unplugged and buried under 6 feet of concrete. No computer being used is "unhackable".
     
CPUMotherboardGraphicsRAM
Q9450 @ 3.0 Gigabyte GA-P45-UD3P Evga 9800GTX+ 800/1943/1200 2x2GB OCZ 1066 LV 
Hard DriveOptical DriveOSMonitor
Vertex 2 40gb + 750gb Seagate 7200.10 Lite-On 24x DVD+-RW Windows 7 x64 LG 22" 1680x1050 
PowerCase
Corsair HX520w modular Coolermaster CM-690 
CPUMotherboardRAMHard Drive
Sempron LE-1250 Gigabyte GA-MA78GPM-DS2H 2GB (2x1GB) Corsair Ballistix 1066 2x750GB Western Digital RE2 Green power 
OSPowerCase
Windows Home Server w/ PP3 Ultra 400w modular Antec 300 
  hide details  
Reply
     
CPUMotherboardGraphicsRAM
Q9450 @ 3.0 Gigabyte GA-P45-UD3P Evga 9800GTX+ 800/1943/1200 2x2GB OCZ 1066 LV 
Hard DriveOptical DriveOSMonitor
Vertex 2 40gb + 750gb Seagate 7200.10 Lite-On 24x DVD+-RW Windows 7 x64 LG 22" 1680x1050 
PowerCase
Corsair HX520w modular Coolermaster CM-690 
CPUMotherboardRAMHard Drive
Sempron LE-1250 Gigabyte GA-MA78GPM-DS2H 2GB (2x1GB) Corsair Ballistix 1066 2x750GB Western Digital RE2 Green power 
OSPowerCase
Windows Home Server w/ PP3 Ultra 400w modular Antec 300 
  hide details  
Reply
post #10 of 76
Quote:
Originally Posted by Stephen Chan View Post
I guess they changed the rules =/

Most general use computers have adobe flash player installed either way, and all macs come preinstalled with safari so if you're going for a realistic simulation of the average computer then this is valid imo.
My point exactly, unless they changed it this team cheated. Also Adobe sucks at programming from what i have seen.

Quote:
At least it took longer than 2 minutes

Honestly, the only secure computer is one which is unplugged and buried under 6 feet of concrete. No computer being used is "unhackable".
Take pliers and rip off your LAN interface. (And/or wifi and other connection methodes.) Then your 100% secure.
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
Lee XT
(17 items)
 
  
CPUMotherboardGraphicsRAM
AMD FX-6300 Asus M5A97 SAPPHIRE Radeon HD 7850 AMD 4GB DDR3 1333MHZ 
RAMRAMRAMHard Drive
AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ AMD 4GB DDR3 1333MHZ OCZ Vertex 4 256GB 
CoolingOSMonitorKeyboard
Corsair H80 Windows 8.1 Pro MCE Dell P2414H WHXV7  Microsoft Generic 
PowerCaseMouseMouse Pad
Ultra 600W Limited Edition NZXT Black Steel Razer Deathadder Razer Goliath 
Audio
Realtek HD Audio 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [TPoint]Vista hacked in PWN-to-OWN