Thanks to Adobe’s Flash!
Vista Laptop was Won!: Congratulations to the team of Shane Macaulay and Derek Callaway (both from Security Objectives) and Alexander Sotirov! – they have just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only are they the official winner of the laptop, but also $5,000 from us. The new Adobe Flash 0day vulnerability that they exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the three contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.
So at the end of the contest, only the Sony VAIO laptop running Ubuntu was left standing.
All the more reason to uninstall Adobe web based software and rely on something else.
The third and final day of the PWN to OWN contest at the CanSecWest security conference begins today, March 28th at 12:30pm local time (PST) in Vancouver. Yesterday, on day two of the contest, the MacBook Air was successfully compromised first and won by a team from Independent Security Evaluators, also winning $10,000 from us (the Zero Day Initiative).
As of today, since the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope beyond just default installed applications on those laptops; any popular 3rd party application (as deemed “popular” by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise. For a refresher on the full rules and cash prizes, check out the PWN to OWN contest guidelines.
Check back on this page for the latest updates throughout the last day of the contest, including pictures from the PWN to OWN awards ceremony that will be held at the end of the conference today.
Firefox will be one of the common apps installed on both the remaining laptops. (Fingers crossed.) Some others include Skype, Acrobat (oh dear), MSN Messenger, and possibly Office. They should have kept the Mac Air in the running just for fun.
“That huge bundle of damning emails and documents Microsoft produced as part of the Vista-capable lawsuit is full of fascinating information about how the company developed, planned, and launched Vista, but the latest juicy nugget to come out if it suggests that a lot of problems faced by the troubled operating system are actually NVIDIA’s fault — nearly 30% of logged Vista crashes were due to NVIDIA driver problems, according to Microsoft data included in the bundle.”
I switched from an nVidia card to to an ATI card that fit in my mini-form a while back, so far it’s been completely stable. If you have a Dell XPS 210, I highly recommend the Vision Tek X1300 or its successors. It fits the case just fine, the fan is silent with the case sealed up, and I’ve yet to have any crashes related to video drivers since installing it. No overheating problems either as far as I can tell. The card is recommended by Dell as an upgrade – you can purchase it through the “Accessories and Upgrades” section of the Dell Vista Support Center.