Has GNU/Linux Won Pwn2Own Again?

Dr. Roy Schestowitz

2009-03-20 14:25:30 UTC
Modified: 2009-03-20 14:25:30 UTC

Novell shield

Summary: GNU/Linux is a no-show, but it was last year's winner

A LOT of people may not remember this, but Apple's Mac OS X was the first to fall last year due to a flaw in Safari (proprietary) and Windows Vista was second. Ubuntu GNU/Linux, which was there for people to crack, stayed untouched until the end and thus won. It's a similar story this year, but having already emerged victorious, Mr. GNU/Linux did not bother attending to defend its title. This is of course a mostly tongue-in-cheek statement, but nonetheless, here is the coverage from Heise:

Safari was the first to fall this week at the Pwn2Own 2009 security competition held at the CanSecWest conference in Vancouver, Canada. The competition, sponsored by TippingPoint Technologies, awards a prize for each vulnerability found on various mobile phone platforms and internet browsers. Participants were invited to attack Internet Explorer 8, Firefox and Google Chrome on Windows 7 and Safari and Firefox on Mac OS X, each of which was fully patched.

Heise has another interesting story about Windows Trojans in ATMs

Windows Trojan on Diebold ATMs

Vanja Svacjer, a virus expert for Sophos, has reported his latest find in a blog entry: a Trojan that spies on PINs. The difference is that this example specialises in cash dispensers made by Diebold, which run Windows.

It is utterly foolish to run ATMs on Windows for reasons that we listed before using plenty of evidence.

As a side note, we still try to determine or at least wait for a response from Apple regarding its new headphones. Is the following report truthful? It is being actively challenged.

"Latest iPod Suggests that Apple Still Loves DMCA-Assisted Lock-in

Back in January, we noted that despite Steve Jobs's posturing on the music DRM front, Apple remains a big supporter and user of DRM and DRM-like schemes throughout their product lines. Over at the EFF blog, Fred von Lohmann suggests another potential example. The new iPod Shuffle has no buttons; the controls are on the included headphones.

Until Apple sheds some light it will remain an area that is hard to comment on. ⬆

Recent Techrights' Posts

[Meme] EPO Targets: Targets mean nothing if or when you measure the wrong thing
The EPO is Nowadays Trying to Trick Staff Into Settling Instead of Solving the Underlying Problems of Corruption and Injustice: This seems like a classic case of "divide-and-rule" or using misled/weak people to harm the whole group (or "the village")
Richard Stallman 'Unveils' His January 20 Talk in Montpellier, France: It's free (gratis)
Links 19/01/2025: Gaza Ceasefire and PR Stunt by Fentanylware (TikTok), Faking It by "Going Dark" to Incite American Addicts (Users): Links for the day
They Won't Buy Vista 11 PCs or "Hey Hi" Copilot+++++++ PCs of Microsoft (With TPM): Windows at 8%
No Time Left for President Biden to Pardon Julian Assange: At least they tried
Total Lock-down Ambitions - Part IV - The Latest Examples and the Perils (in Summary): For further reading take a look at Musial's nice outline
Improving Daily Links by Culling Spam, Chaff, and LLM Slop: the Web is getting worse
Links 20/01/2025: Indonesia to Prevents Kids' Access to Social Control Media (Addiction and Worse), Climate News Catchuo: Links for the day
EPO Union Says Monopoly-Granting Targets at EPO "Difficult to Achieve Without Compromising [Staff] Health, Personal Time or the Quality of the Final Products" (Products as in Monopolies, Not Real Products): To those of us (over 99.999% of people impacted by this) who do not work at the EPO the misuse of words like "products" (monopolies are not products) should be disturbing
Links 20/01/2025: More PR Stunts by ByteDance and MLK’s Legacy Disrespected: Links for the day
Gemini Links 20/01/2025: Magnetic Fields, NixOS, and Pleroma: Links for the day
BetaNews Spreads Donald Trump Propaganda, Promotes Scams, and Publishes Fake 'Articles' About "Linux": This is typical BetaNews
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Sunday, January 19, 2025: IRC logs for Sunday, January 19, 2025
[Meme] Hardware RAID and Hardware Raid: We're expecting attacks on the press in Trump's second term (no need to impress anyone for another election cycle) to be far worse than the first
What's Running on the Laptops: 12 months have passed
[Meme] 404, Not Found: Kuhn: I'd like to interject for a moment, we made an alliance with the Microsoft-dominated LF to outsource projects to Microsoft GitHub and rich people gave us money to do this
FOSDEM is Called "FOSDEM" Because of Richard Stallman (RMS): The overlap there seems timely; yesterday RMS spoke in French-speaking (in part) Switzerland where questions in French were accepted
Links 19/01/2025: TikTok (Fentanylware) Now Banned in the US, Convicted Felon Talks to Fentanylware CEO and Pooh-Tin About Undoing the Ban Despite the Supreme Court Unanimously Upholding It: Links for the day
FTC Realises Microsoft Buying Fake 'Clients' to Fake "Revenue" (Microsoft 'Buying' Services and Products From Itself!): Ponzi scheme
Total Lock-down Ambitions - Part III - The Web Browser as DRM Pusher: A lot of "streaming" stuff is DRM
Video: University in Peru Honours Richard Stallman: Tomorrow, January 20, Richard Stallman speaks in France
IBM Termination Story and Information From Microsoft About Mass Layoffs: In 2 weeks of 2025 Microsoft already had 2 waves of layoffs
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Saturday, January 18, 2025: IRC logs for Saturday, January 18, 2025
Links 18/01/2025: Restoring the Great Wall of China and Economic Expansion in China: Links for the day
Guardian Digital (linuxsecurity.com) is Spamming the Web With Microsoft's Promotional LLM Slop About UEFI 'Secure' Boot (Which is Against Real Security): This is an attack on honest journalism
Links 18/01/2025: TikTok's Endgame, "Car Freedom", and Spying in Cars 'Fines' GM (Settlement): Links for the day
January 20: Richard Stallman Talk in Europe: evening time in Europe, around midday in the United States and Canada
Links 18/01/2025: Apple Getting Out of Hey Hi (AI) Slop (Too Much Misinformation), Chaffbots/Chatbots Try to Settle Copyright Infringement Lawsuits: Links for the day
What Fake News Sites Are Doing to GNU/Linux: The LLM slop about Linux serves two purposes
Links 18/01/2025: Microsofters Upset at Microsoft's Ridiculous Rebrands (Excuse for Massive Price Hikes), Chaffbot Company ('Open'AI) Faces More Lawsuits: Links for the day
Gemini Links 18/01/2025: Surge in Illnesses, ctags, and Gemsync: Links for the day
Slopwatch: Too Lazy to Write Real Articles, Offloading to Chatbots Instead (LLM Slop About "Linux"): The Web was already full of garbage before the LLM frenzy. Now it's even worse.
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Friday, January 17, 2025: IRC logs for Friday, January 17, 2025