Hacking Contest Pits MacBook Air Against Vista, Ubuntu

 
 
By Ryan Naraine  |  Posted 2008-02-22
 
 
 

Organizers of the annual CanSecWest security conference have expanded the PWN 2 OWN hacking contest to pit fully patched laptops running Mac OS X, Windows Vista and Ubuntu against some of the world's smartest hackers.

Last year, the contest was aimed specifically at two MacBook Pro machines and was won by Dino Dai Zovi, a New York-based researcher who exploited a QuickTime zero-day vulnerability.

This year, CanSecWest organizer Dragos Ruiu says there will be three targets: A MacBook Air, running the latest OS X, fully patched with typical configuration; A Sony VAIO VGN-TZ37CNB, running Ubuntu, latest release; and a Fujitsu U810, with a fully patched Windows Vista installation.

"The victory conditions will be the contents of specific, specially planted files on each system, to be extracted by winners," Ruiu said.

The hacker who successfully takes control of any of the machines gets to keep the laptop and any associated prizes for the exploits used, he explained.

At last year's conference, TippingPoint's Zero Day Initiative added a $10,000 cash bounty to the pot that was eventually won by Dai Zovi.

This year, the attack surface will be widened to include some of the most commonly used desktop applications.

For example, an attacker can find and exploit holes in the three main browsers-Internet Explorer, Mozilla and Safari-or vulnerabilities in mail clients like Microsoft Outlook, Apple's Mail.app or Mozilla Thunderbird.

It will also include instant messaging clients like Skype, MSN Messenger, Adium or Pidgin. "They are all in scope," Ruiu said.

Ronald Dodge, associate dean, information and education technology at the United States Military Academy, will serve as the judge for the contest.

Rocket Fuel