Thursday, March 27, 2008

PWN To Own or PWN2OWN, Hack Vista, MAC OS X or Linux

Latest challange in the hacker world: Linux versus Mac OS X versus Vista. All three targets, all patched. All in typical client configurations with typical user configurations. Waiting for anyone to hack PWN it. You hack it, you get to keep it. Keep what?

The Three Targets (typical road-warrior clients):

  • VAIO VGN-TZ37CN running Ubuntu 7.10
  • Fujitsu U810 running Vista Ultimate SP1
  • MacBook Air running OSX 10.5.2

This year's contest started on March 26th, and continue through the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008.

So far Laptops are still standing according to a DVLabs post;
"Today's first day of CansecWest's PWN to OWN contest is now officially over, and we can report that all three laptops are still standing without having been compromised. At 2:45pm local time today, to much fanfare, Aaron made the official announcement of the contest's opening to the CanSecWest crowd. "

Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being increased this year. Fine print and details on the cash prizes are available from Tipping Point's DVLabs blog.

Lets go PWNing

tag: , , , , , ,

No comments: