Re: DEFCON CTF Submissions are in, DC-16 video online!

[Brandon Edwards <drraid () gmail com>]

> If the OS of choice for past years is regarded as a tough nut to
> crack, why should that be dropped for an OS that is more popular but
> generally perceived as easier to compromise?  Isn't that dropping the
> calibre of the game?  Other than making it easier for some competitors
> and a choice of principle for those who elect to avoid non-libre
> software, how is it expected that this will improve the game?

The vulnerabilities in the CTF ran by Kenshoto were not in the OS. It
is not as though people were winning by finding 0day bugs in FreeBSD's
IP stack. The vulnerabilities were introduced through custom services
and occasionally through the use of very broken open source software.
FreeBSD doesn't offer the same degree of anti-exploitation / memory
protection mechanisms as newer Windows releases. It is not as though
"noob exploiters" have an easier time with Windows than FreeBSD - I
would say the opposite is true.

Additionally, and no offense to the FreeBSD users, compromising a
FreeBSD box has mild impact on the real world. Sure, some servers
somewhere run FreeBSD - but most of these are by enthusiasts, even if
for their companies. Forget the golden unicorn ideals of free software
hippie hackerism: the world runs on Windows, some Linux, and some OSX.
Having Windows introduced into the game adds realism.

-Brandon
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave