South African entrepreneur Mark Shuttleworth is renowned as the first person from an independent African country to visit space, but he is also respected in the software community as the driving force behind the open source Ubuntu Linux distribution.
Now his Ubuntu operating system has emerged as the most secure at the hacking contest held at the ninth CanSecWest security conference in Vancouver, Canada, in March 2008. The purpose of the hacking contest is to uncover previously unknown bugs in various types of software so that the relevant vendor can rectify them. All registered attendees were allowed to participate, some of them the smartest hackers around.
Ubuntu 7.10, running on a Sony VAIO laptop, was pitted against Windows Vista Ultimate SP1 running on a Fujitsu laptop, and Mac OSX 10.5.2 (Leopard) running on a MacBook Air. Each system featured the latest version of all software and was fully patched with the most current security updates.
Hackers were required to exploit software vulnerabilities that allowed them to take control of the machines. Once this had been achieved, they had to extract the contents of a specific file on the machine to claim victory. Winners received a cash prize and also took home the laptop.
Bringing out the big guns
The competition took place over three days. On the first day only network attacks were allowed. The cash prize for this achievement was $20 000, but there were no winners at this stage.
Day two saw the attack broadened to include default installed client-side applications – applications that are installed with the operating system. These could be attacked by visiting a malicious website, or following a link through email or a vendor supplied instant messenger client. This was the stage at which the first machine went down – the MacBook Air running OSX Leopard. The prize for this stage was $10 000.
Security researcher Charlie Miller took less than two minutes to exploit a flaw in Safari, Apple’s native web browser. Miller, who recently hacked Apple’s iPhone, took Safari to a website that contained malicious code and that allowed him to seize control of the machine remotely. Apple has been notified of the bug and is now working on the issue.
On the final day popular third-party applications such as Skype and open source instant messenger client Adium were added to the competition. At this stage the second laptop was compromised through Flash, proprietary software from Adobe. The software company is now working on a patch for the bug. The winner, software security consultant Shane Macaulay, took the machine and $5 000.
At the end of the three days only the Sony laptop running Ubuntu 7.10 was intact. However, Shane Macaulay reportedly claimed that his Flash exploit could speedily be adapted for any of the three operating systems.
The latest version of Ubuntu, 8.04, is set for release at the end of April 2008. Both server and desktop variants are said to be easier to use and to deploy. Security features include a new firewall application and extra protection against malicious code such as rootkits, which are programmes used by hackers to gain access to information contained in operating systems – they can even mask their presence.
For the first time the system will include a Windows installation option, which will allow users to install Ubuntu 8.04 from inside Windows just like they would install any other application, without having to set aside a new partition.
A born entrepreneur
Born in Welkom, Free State, Mark Shuttleworth holds a Bachelor of Business Science in finance and information systems from the University of Cape Town, as well as an honorary doctorate from that same institution.
Shuttleworth founded internet security and digital certificate specialist company Thawte in 1995. He sold Thawte to VeriSign in 1999, earning R3.5-billion at the time. Since then he has founded business incubator HBD Venture Capital, and Canonical Inc, which promotes and supports free software.
In 2004 Shuttleworth, through Canonical, funded the development of Ubuntu – he had been involved in the development of another Linux distribution, Debian, in the 1990s. Ubuntu is based on Debian.
He has also set up the Shuttleworth Foundation to fund education and open source software projects in South Africa, as well as the Ubuntu Foundation to ensure the long-term maintenance of Ubuntu independently of Canonical.
On 25 April 2002 Shuttleworth became a cosmonaut aboard the Russian Soyuz TM-34 mission at a personal cost of about $20-million. His 10 days in space followed one year of training and preparation, including a seven-month sojourn in Star City, Russia.
Shuttleworth is regarded as the first citizen of an independent African country to enter space. Patrick Baudry, an astronaut in the mid-1980s, was also born in Africa. At the time of Baudry’s birth, though, Cameroon was a French colony and so the astronaut was classed as a French citizen.
- Mark Shuttleworth
- Ubuntu Foundation
- First African in Space
- Gagarin Cosmonaut Training Centre