Thursday, February 28, 2013

ChromeOS in the House at CanSecWest Pwn2Own 2013

Let it not be said that Linus Torvalds has any difficulty getting his point across.  We have witnessed his sharp, caustic, sometimes quite harsh 'shock jock' exchanges with both awe and respect many times over.

Charlie wins Apple via pwn2own
Charlie wins Apple via pwn2own (Photo credit: ggee)
Very recently, a 'chit chat' was had regarding SecureBoot routines possibly becoming part of the Linux Mainline Kernel which was met with a strong rebuttal from Linus who made it clear in no uncertain terms--no secureboot signing code in the kernel will ever happen.   NEVER!

Recalling another incident, a few years back, and this one is a 'classic', Linus Torvalds wrote:





"...[O]ne reason I refuse to bother with the whole security circus is that I think it glorifies - and thus encourages - the wrong behavior.It makes "heroes" out of security people, as if the people who don't just fix normal bugs aren't as important.
In fact, all the boring normal bugs are way more important....Security people are often the black-and-white kind of people that I can't stand. I think the OpenBSD crowd is a bunch of [self-stimulating] monkeys...."

Clear?  Eeeeek.

You get the idea.

Anyhow, in about a week the CanSecWest 2013 Conference begins, and, in keeping with tradition, a yearly Pwn2Own Contest is held to let all comers have their programming hacks put to test against Browsers running on the Microsoft Windows and Apple OSX operating system platforms.

Chromebook Pixel
Chromebook Pixel (Photo credit: Stratageme.com)
It has been, shall we say, a veritable 'dog and pony' show with the stakes for a winning security exploit  also rising each year by leaps and bounds.  The regular purse for this year's contest has about 3/4 million dollars in the pot for various category winners' pay-outs.

However, a major change for this year's contest is the entry of the first Linux-based operating system unit, the venerable Google Chromebook running Chrome OS.  Yes, you read that correctly--Linux is now going to strut its stuff.  And strut it will.

Google is so confident in the security-hardened ChromeOS that they have set their purse at (pi) $3.14 million dollars worth of prizes for finding security vulnerabilities and executing a successful exploit proof of concept in any of their products running on ChromeOS, OSX or Windows platforms.

That is quite a large incentive for hackers to take a serious interest in cracking the ChromeOS armor, but, I am wagering that the end of the 'Shooting Fish in a Barrel' era has come in 2013 and I predict that not one exploit will succeed in hacking ChromeOS whatsover.  NONE. NIL.

Stayed tuned--Pwn2Own 2013 begins on March 6, 2013.

--Dietrich
Enhanced by Zemanta

0 comments:

Post a Comment