PWN2OWN

As reported here and here, it is kind of good to see that Linux was the only operating system left standing in the end. If we read into how the hacking competition was conducted, it becomes quite clear that the Open Source way of doing things is probably the best way to do things.

For many years, the main selling point for the Open Source way was the fact that anyone could look and modify the source code of computer programmes, freely. The logic behind this is that with many eyeballs looking at the code, the chances of spotting errors is higher. This is also the logic behind peer-review in science.

In this particular competition, three different laptops were configured and the hackers were challenged to break into the system “as-is” and if they succeeded, they would walk home with some cash and the laptop that they broke into. Surprisingly, the first one to fall was the AirBook. You could possibly consider that the AirBook, being such a beautiful machine, would have attracted the most attempts. But that still doesn’t change the fact that it fell so quickly.

Some slightly more technical people will, at this point, quote that OSX is based on an Open Source operating system, Darwin, which is itself a descendent of FreeBSD. But then, there are many parts of OSX that is proprietary, like the graphical user interface running on top of Darwin. Also, it is reported that the culprit that caused the downfall of the AirBook, was actually a piece of software by Adobe.

Then the rules were relaxed further to allow the machines to be compromised using any pre-installed software on the system. This caused the Windows machine to be breached, again due to a problem with a piece of software from Adobe. On the last day, the rules were relaxed further, to allow the machines to be compromised using any commonly installed 3rd party software. And surprisingly, the Linux machine held on without being compromised.

Instead of gloating on the strengths of Linux, I would just like to point out that there is a correlation between openness and security. When I was a boy, I was once told by a Debian developer that, security by obscurity is not security at all. That totally confounded me at the time but I have since learned the wisdom of such words.

A truly secure system is one that is thoroughly open, that you could fiddle with as much as you’d like, and still remain secure. The Linux operating system is developed on an open platform. All the various bits running on top of it are also bound by the same rules. Even random 3rd party software are often developed along the same lines. So, openness breeds security.

Advertisements

Published by

Shawn Tan

Chip Doctor, Chartered Engineer, Entrepreneur, Law Graduate.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s