CanSecWest has again produced enlightening results. ZDNet records the latest breach of Windows 7: Hacker exploits IE8 on Windows 7 to win Pwn2Own. In case you’ve been sleeping, these are Microsoft’s latest offerings. The more things change, the more they remain the same.
I should also note that Peter Vreugdenhil bypassed the two core elements of Microsoft’s security plan: ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). It took him just two weeks to implement.
In case you’re getting smug on your Mac, note that another hacker, Charlie Miller, hacked Safari for the third year in a row. Hardly constitutes a challenge. Others hacked and hijacked iPhones.
Caveat Emptor!
Advertisement
Subscribe to Reformed Musings
Just as I was reading your blog, I noticed another blog that explained why Linux is so hard to hack. The site is technical, so I’ll just put up the link:
http://cristalinux.blogspot.com/2010/03/understanding-viruses-in-linux.html
By: ubuntulady on March 27, 2010
at 1:55 am
I found one post – http://blogs.zdnet.com/security/?p=995 – where the author claims the only reason Ubuntu wasn’t hacked is that no one cares about it. My response to that is – bring it on! Let’s see the hack. Talk is easy. Actually doing something is hard work.
By: ubuntulady on March 27, 2010
at 2:08 am
Agreed. Talk is cheap. AppArmor and/or SELinux make Linux a fortress, an AppArmor has been implemented in Ubuntu at the kernel level by default since at least Hardy. Just straight Ubuntu with a hardware firewall that virtualizes ports serves me very well.
By: reformedmusings on March 27, 2010
at 9:18 am
Great link in your first comment. Additionally, the introduction of AppArmor into the kernel to tighten up applications’ access outside their own areas and GccSsp to catch buffer overflows greatly enhances Ubuntu’s security. But like the commenters point out, nothing is idiot proof.
By: reformedmusings on March 27, 2010
at 9:43 am
I’ve never figured out how to use a firewall. I know rootkits are extremely rare in Linux and viruses can’t replicate – but I’ve always wondered just how much security I should have on my home computer.
By: ubuntulady on March 27, 2010
at 11:42 pm
I have a FIOS router with a built-in firewall that’s my primary line of defense. Before that I had a Linksys router w/firewall. That’s a good start.
In Linux, I’ve primarily used Guard Dog under KDE. It provides a GUI for the built-in iptables firewall in Linux. I haven’t messed w/the software firewall in Gnome yet. ufw is the terminal program to set the firewall. Firestarter is the recommended GUI tool, but the last time I used it a few years ago, it crashed badly.
By: reformedmusings on March 28, 2010
at 8:50 am
You’ve given me a lot of information. Thank you.
By: ubuntulady on March 28, 2010
at 8:03 pm
You’re welcome. I loaded Firestarter today and played with it a bit. It’s much better than it used to be, but still doesn’t handle VPN or resource sharing on the local network very well.
By: reformedmusings on March 28, 2010
at 9:05 pm
I’ll see if I can get it to work for me. I last tried GUFW, which is so cryptic I couldn’t figure out how to do anything at all.
By: ubuntulady on March 28, 2010
at 9:11 pm
That’s why I’ve gravitated to the GUIs like Guarddog and Firestarter. I don’t have the time to decode all the settings to use anything else. You still need some basic port knowledge if you have a home LAN, but that’s not too bad.
By: reformedmusings on March 28, 2010
at 9:15 pm
I’ll have to work on the port knowledge. I am definitely going to try Firestarter.
By: ubuntulady on March 28, 2010
at 9:23 pm