New Vulnerabilities For Up To $25000
The CanSecWest conference announced on Tuesday the format for this year’s competition in which security pros can attempt to compromise a laptop computer’s operating system to win the laptop and potentially a cash reward. The first person to compromise one of the notebook computers gets to keep the system and can submit the vulnerability to the Zero-Day Initiative run by 3Com’s TippingPoint. The company pays for responsibly disclosed software flaws and could reward up to $25,000 for a vulnerability.
Dubbed the “PWN2OWN” competition, the contest will give security professionals the opportunity to hack one of three systems: up-to-date versions of Microsoft’s Windows Vista, Apple’s Mac OS X, and Ubuntu Linux. To win the contest, a person must run code on the laptop using a previously unknown vulnerability in the operating system or a major application, such as a Web browser, a plug-in browser program, an instant messaging client, or an e-mail reader.
Each participant can try to attack the systems over a crossover cable that creates an exclusive network connection or, under special circumstances, through a wireless network connection in a remote location. Each contestant will have a 30-minute slot to conduct the attack and can ask that contest officials go to a malicious Web server, read e-mail messages sent by the attacker, or add attackers to instant messaging buddy lists and read their messages. Last year, two security professionals, Shane Macaulay and Dino Dai Zovi, worked together to find a vulnerability and compromise one of the MacBooks. Macaulay got the MacBook, and Dai Zovi claimed the $10,000.
“These computers are real and fully patched,” Dragos Ruiu, the organizer of CanSecWest, said in an e-mail announcing the contest. “All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of Internet connected hosts.”
The notebook computers being used in the competition include a Sony VAIO VGN-TZ37CN running Ubuntu 7.10 “Gutsy Gibbon,” a Fujitsu U810 running Windows Vista Ultimate Service Pack 1, and an Apple MacBook Air running Mac OS X 10.5.2.
The conference is scheduled to take place March 26-27 in Vancouver.