Hacker contest: Which operating system is safest?
The CanSecWest security conference got underway yesterday (Wednesday). The conference will again play host to a hacker contest the object of which is to hack laptops running fully patched versions of Ubuntu 7.10, Mac OS X 10.5.2 and Windows Vista SP1. The “PWN to OWN” contest, sponsored by security services provider TippingPoint, offers prizes of up to $20,000.
The contest gets easier each day – on the first day attacks on the laptops had to be launched remotely. If any of the contestants had succeeded in penetrating the computer and reading a specified text file, they would have been able to keep the laptop and would have received an additional $20,000.
To gain full access to the system on day two of the contest, exploitation of vulnerabilities in software supplied with the operating systems as standard is also permitted. User interaction, such as following a link in an email or an instant message, is also allowed. The prize fund is, however, halved to $10,000.
It gets even easier on the last day of the conference. Tomorrow, contestants are also permitted to install and attack third party applications. The prize at this stage is reduced to the laptop plus $5,000.
The operating system vendors clearly did their homework well enough that there were no entrants to the contest on Wednesday. The hackers have obviously failed to find a vulnerability in any of the systems that can be exploited remotely without valid login details – just as happened last year. Participants in the “Hack a Mac” contest at CanSecWest 2007 succeeded in discovering critical vulnerabilities in the Safari browser in the then current version 10.4.9 of Mac OS X. In keeping with the “PWN to OWN” slogan, last year’s hackers got to keep the MacBook and $10,000.
- CanSecWest PWN to OWN 2008 (updated), announcement and explanation of the contest from TippingPoint
- Day One: CanSecWest PWN to OWN Results, results from day one of the contest