safari and flash pwned at cansecwest

CanSecWest is over and that also means the Pwn2Own contest is over. I did a quick faux-prediction a few weeks ago thinking the kill order would be Ubuntu, OSX, Vista. I’m a little surprised that Ubuntu survived unscathed even through the last day. I’m not surprised OSX or Vista were owned, particularly through applications (Safari in OSX and Flash in Vista). I think this means Ubuntu just isn’t important enough to pwn yet, though I’m surprised by that since I figured many researchers to be Linux-friendly. Perhaps more are on Macs and Windows than the security clubs would like to admit. 🙂

A fun contest, although I’d hesitate entirely to trumpet the results to back any sort of “xxx OS is more secure” arguments. The real benefit is increasing interest in doing these sorts of things on the good side of the fence before the bad side of the fence does them. It also appears to get Apple to patch their crap… Besides, this is fun for our community, and we really need more fun and back-patting in the field.

Speaking of predictions, I’m kicking myself a bit for not getting into any NCAA Tournament pools this year, having picked 5 of the elite 8, all final fours, and am still confident in UNC over UCLA in the final. Of course, not a ton of broken brackets this year, so I expect lots of people would have been up there with me. I’ve been very busy lately and didn’t research much before the games, so opted not to ante up to anything this year.