CanSecWest 2008 pwn2own: Triple Play!

nice toys for bad girls and boys
CanSecWest Applied Security Conference: Vancouver, British Columbia, Canada:

Three targets, all patched. All in typical client configurations with typical user configurations.You hack it, you get to keep it.

Each has a file on them and it contains the instructions and how to claim the prize. Targets (typical road-warrior clients):

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

My bet is that the MacBook Err is first to go. Not just because it’s a nifty, thin lightweight machine many people crave but because Apple’s security blows. I won’t be surprised if the Fujitsu is last to go unless someone uses an identical expolit in the Apple, much like last year’s vulnerability was cross-platform. Since the Fujitsu will include iTunes, Safari, and QuickTime, I expect whomever pwns the Mac will immediately share the same exploit on the Fujitsu (or vice versa if it’s related to Apple’s insecure software). The rules stipulate one laptop per contestant.

FWIW, my heart would be set on the Fujitsu (on which I’d probably install FreeBSD) even though I’m a diehard ThinkPad fan. I’d take an x300 with its twice-better battery life (not to mention easy battery accessibility) and more USB ports and better connectivity and everything else over the single-battery (you have to disassemble the thing to replace it, which will reportedly take 48 hours at an Apple Store — no carrying spares) MacBook Err and the Vaio and the Fujitsu. Oh yeah, and then there’s the best part of all — the x300 doesn’t come loaded with Mac OSX.

If anyone at Lenovo wants me to review the x300 in a Linux/BSD environment, please contact me. I’d love to see what it can do.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: