The security conference that last year made headlines with a hack challenge whose winner walked away with a US$10,000 prize is reprising the contest next week -- this time with more money at stake, the contest's organizer said.
CanSecWest, which runs March 26-28 in Canada will feature a second "PWN TO OWN" contest that pits researchers against a trio of laptops armed with the latest versions of Windows Vista Ultimate, Mac OS X 10.5 and the Ubuntu Linux distribution, said Dragos Ruiu, the conference's organizer. The first to hack one of the laptops by exploiting a remote pre-authentication code execution vulnerability in a default service on the notebook's operating system will take home the machine and a US$10,000 prize.
3Com's TippingPoint and its bug bounty program, Zero Day Initiative, is providing the cash, as it did last year.
"We wanted it to be a live fire exercise," said Ruiu. "We debated the format of this for months before we came up with the three OS idea."
At last year's CanSecWest, Dino Dai Zovi and his on-site partner Shane Macaulay took honors when they hacked a MacBook running Mac OS X 10.4, Tiger, by exploiting an until-then-unknown QuickTime vulnerability. Their exploit got even more attention when some Apple users refused to accept the results, which in turn opened up an online argument about Mac OS X's security prowess.
"[Last year] was a win-win-win for everybody," said Ruiu, "and it worked out great. Apple got to fix its stuff, TippingPoint got the vulnerability and Dino and Share got the limelight for a little while."
This year's challenge, however, will be much more structured. "Last year we were kind of flying by the seat of our pants," said Ruiu. Next week's revamped contest will be the result of months of planning and work by a number of people, he said, including Lt. Col. Ron Dodge, who teaches at the US Military Academy. "We've been hashing out the details for weeks."