Threat Center Security News Hacking Contest
Hacking Contest Print E-mail
Written by Rebecca Mints   
Tuesday, 18 March 2008 18:00
CanSecWest, a security conference held in Vancouver, British Columbia, is holding another contest this year called "PWN to Own." The competition is to see who can exploit a preauthentication code-execution vulnerability in a default service on one of three notebooks: one running Windows Vista Ultimate, one Mac OS X 10.5 and the last with Ubuntu Linux. First prize is $10,000 and the winner also gets to keep the machine they hack.

Dragos Ruiu, the conference's organizer said "We wanted it to be a live-fire exercise," and "We debated the format of this for months before we came up with the three-OS idea."

This is the second time CanSecWest has held such a contest. Last years winners were Dino Dai Zovi and Shane Macaulay. They hacked a Mac running OS X 10.4 (Tiger) by exploiting a QuickTime vulnerability. After their hack became public some Apple users refused to believe that their system was hackable and there was quite an uproar.

This year's contest is going to be more regulated than the last. According to Ruiu, "Last year, we were kind of flying by the seat of our pants." Many months of planning have gone into this year's contest as well. In this contest the machines will only be accessable by a crossover cable. Wireless or Bluetooth attacks will be verified off-site. Last year a hack via a wireclaim was found to be bogus. In addition, hackers will only be allowed 30 minutes before they have to step aside and let someone else have a crack at it. TippingPoint, the company flipping the bill for the lucky winners has also upped the ante: $5000 goes to anyone exploiting a zero-day vulnerability from a list of client-side apps and also another $5000 for the "best bug." Some of the client side apps are Adobe's Flash and PDF file format, Microsoft's IE and Outlook, Mozilla's Firefox, Apple's Safari and Mail, Skype and Java. Oddly, Apple's QuickTime is not on the list.

Hackers vs. Windows, Mac, Linux next week in big-money contest

WTW Threat Level