Hackers vs. Windows, Mac, Linux next week in big-money contest

CanSecWest amps up 'PWN to Own' challenge with more prizes

For example, the laptops will be accessible only via a cross-over cable, and any wireless- or Bluetooth-based attacks will be verified off-site, said Ruiu, to make sure there isn't a repeat of last year, when someone claimed to have nicked the exploit over a wireless connection during the challenge and let it loose on the Web. The claim was later discovered to be bogus.

Also unlike last year, each hacker or hacker team gets just 30 minutes before the next in line gets a crack. "And Shane [Macaulay] and Dino [Dai Zovi] will be there, going head-to head," said Ruiu. "Last year, no one was really prepared for [the contest], but I've heard of a couple of people who will come loaded for bear.

"It should be a fairly colorful environment," he said.

And perhaps more profitable. TippingPoint has upped its contribution to the hacking contest. In addition to offering a US$10,000 prize to the first person or persons who hack one of the laptops with a remote code execution exploit, it will also provide a US$5,000 prize to any zero-day vulnerability exploited in a long list of client-side applications on the notebooks, as well as a US$5,000 bonus to the "best bug" during the contest.

The client-side applications up for prizes, according to a blog post by Terri Forslof, TippingPoint's, manager of security response, include Adobe's Flash and PDF file format, Microsoft's IE and Outlook, Mozilla's Firefox, Apple's Safari and Mail, Skype and Java. A notable absence: Apple's QuickTime.

"[The] winning entries must be true zero-day," said Forslof. "They may not have already been submitted to the affected vendor or to third parties."

"I think this will be a lot of fun," Ruiu concluded. "There's always a lot of uncertainty in an exercise like this."

Show Comments