When you have a head to head multi-system laptop security contest, it would seem, to most people at least, that the machines that are the most secure would be the ones that have the biggest set of resources would be the winner. After all the companies who have multi-million dollar security departments and hundreds of minds toiling endlessly to fix those problems, or lose their jobs for gross negligence if they fail to fix the problem should in theory at least, should result in having the more secure systems, coming from the big players in the industry.
Of course we
all know that the reality of a situation is not the same as the theory, and in the in’s and out’s of the real world, sometimes the little guys can prevail, with the built in advantage of speed and freedom from the shackles of the endless levels of managerial approvals and corporate reviewers that can slow the progress of innovation and keep as many good ideas sitting in the inbox as well as the bad.
Penetration testing, of the fine art and subtle science of doing everything and anything that you can do, even the illegal and unethical, to get into a computer system or network, not to do anything that will damage the network but to expose the vulnerabilities that lie dormant in the system waiting for someone with less than ethical intentions to exploit. It is a necessary and important part of the IT security world, and in the grand tradition of all things that are technical it can be a very competitive area.
How competitive you ask? There are now annual penetration testing contests where scores of testers, ranging from paid professionals who work with private companies to college students who want to prove that they are up and coming in the field can have a chance to toy with the latest systems and show off their skills. Many times the top performers who get into the systems first win prizes of sweet new technology toys and a cash prize.
It is at one of these competitive events, held in Canada that a Linux distribution, which goes by the name of Ubuntu took home the grand prize. At a convention of security professionals, which goes by the name of CanSecWest, Ubuntu was the only system not to be taken down during the 3 day event.
The Ubuntu machine was pitted against two formidable foes, a brand new Vista laptop to represent the Microsoft group and a Macbook air to represent the mobile technology from Apple. Both of those systems managed to stand up to the direct attacks to the system allowed on the first day, but fell when the system penetrators were allowed to make attacks that relied on the failure of an end user to recognize a threat or clicking on a link that allows an end user inadvertently give access to a system.
The Linux system survived all the types of attacks that were allowed. This included the direct attacks, social networking attacks and over network attacks. No one was able to gain control of the system.