March 20th, 2008

New Vulnerabilities For Up To $25000

The CanSecWest conference announced on Tuesday the format for this year’s competition in which security pros can attempt to compromise a laptop computer’s operating system to win the laptop and potentially a cash reward. The first person to compromise one of the notebook computers gets to keep the system and can submit the vulnerability to the Zero-Day Initiative run by 3Com’s TippingPoint. The company pays for responsibly disclosed software flaws and could reward up to $25,000 for a vulnerability.

Dubbed the “PWN2OWN” competition, the contest will give security professionals the opportunity to hack one of three systems: up-to-date versions of Microsoft’s Windows Vista, Apple’s Mac OS X, and Ubuntu Linux. To win the contest, a person must run code on the laptop using a previously unknown vulnerability in the operating system or a major application, such as a Web browser, a browser plug-in, an instant messaging client, or an e-mail reader.

Each participant can try to attack the systems over an exclusive network connection created with a crossover cable or, under special circumstances, through a wireless network connection in a remote location. Each contestant will have a 30-minute slot to conduct the attack and can ask that contest officials go to a malicious Web server, read e-mail messages sent by the attacker, or add attackers to instant messaging buddy lists and read their messages.

Last year, two security professionals, Shane Macaulay and Dino Dai Zovi, worked together to find a vulnerability and compromise one of the MacBooks. Macaulay got the MacBook; Dai Zovi claimed the $10,000.

“These computers are real and fully patched,” Dragos Ruiu, the organizer of CanSecWest, said in an e-mail announcing the contest. “All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of Internet connected hosts.”

The notebook computers being used in the competition include a Sony VAIO VGN-TZ37CN running Ubuntu 7.10 “Gutsy Gibbon,” a Fujitsu U810 running Windows Vista Ultimate Service Pack 1, and an Apple MacBook Air running Mac OS X 10.5.2.
The conference is scheduled to take place March 26-27 in Vancouver.
