Subscribe to
Computerworld Laptops 1, Hackers 0 as $20,000 prize goes unclaimed in hack challenge
'Pwn to Own's' first day ends with no break-in; $10,000 at stake today
Active Comments
 The Security Zone
With the mobility of employees and the ease with which external devices can be brought in and out of a network, continuing to build your security plan for network servers and clients is a must. Fortunately, there is much that organizations can do to protect themselves from attacks - internal and external. Having the right policies, procedures and server configurations is critical... Learn more in The Security Zone See All Zones
|
March 27, 2008 (Computerworld) The first day of a hacker challenge that pits researchers against a trio of laptops, with thousands of dollars in prize money on the line, ended without a winner, the contest sponsor said Thursday.
"We had only one attempt at the remote configuration of the machines," said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint unit. The vulnerability research company put up the prize money for "Pwn to Own," the hacker contest being held at CanSecWest, a security conference that opened Wednesday in Vancouver, British Columbia. "There was a lot of limelight and attention, newspapers, TV and radio broadcasts, and so I'm not sure if that played a part in scaring people away."
All three laptops running the latest versions of Windows Vista Ultimate, Mac OS X 10.5 and the Ubuntu Linux remained standing by day's end, Forslof reported.
Pwn to Own's rules for Wednesday required researchers to break into one of the three machines using a remote code-execution exploit of a zero-day -- or previously unknown -- vulnerability. At stake: the laptop and a cash prize of $20,000.
When the challenge resumes at 12:30 p.m. PDT, the laptops' exposure to attack will be expanded: Hackers will be allowed to attack any client-side applications installed by default on the computers. That means exploits relying on duping a user into following a link in an e-mail or visiting a malicious Web site -- the typical way criminals compromise computers in the real world -- will be permitted starting this afternoon. The prize for second-day exploits, however, drops to $10,000, half the amount on the table yesterday.
After consulting with the CanSecWest organizers, TippingPoint simplified the prize awards just before the conference opened to make it a "best of the best" challenge that offered only one cash prize per laptop. To balance the reduction in the number of prizes, TippingPoint doubled the dollar amounts of the top two awards. For instance, when the second-annual Pwn to Own was conceived, TippingPoint set $10,000 as the top prize and said it would issue multiple $5,000 awards.
If no one hacks into a machine today, several popular third-party applications will be added to the laptops, giving researchers more ways to break in. The case prize drops to $5,000 on Friday.
But Forslof expects to be handing out a check today. "I've heard a lot of buzz, a lot of talk about this vulnerability or that one that people say they have," she said.
Last year's CanSecWest made headlines with the debut of Pwn to Own, which was won by Dino Dai Zovi and Shane Macaulay when they hacked the one MacBook in the challenge. Their exploit of an unknown QuickTime vulnerability made even more news when some Apple users refused to accept the results and claimed that the attack was bogus.
This year's contest features three systems: a Sony Vaio VGN-TZ37CN running Ubuntu 7.10, a Fujitsu U810 notebook running Windows Vista Ultimate SP1 and an Apple MacBook Air running OSX 10.5.2.
Today's Top Stories
Resource Alerts
Webcasts
Web Threats Don't Discriminate
The Secure Web Gateway. Mission Critical For Business
Dynamic Data Center and Virtualization Drives Operational Excellence at Emory Healthcare
Editor's Picks
Clues point to Jan. 13 release of Windows 7 beta
Microsoft releases Vista SP2 beta
Obama's DHS pick may find support for raising H-1B cap at confirmation hearing
IBM wants info from Apple execs in Papermaster case
License server glitch exposes SonicWall users to e-mail security threats
Report: Former AOL chief exec tries to raise funds to buy Yahoo
 Fired up about IT? Join Sharkbait and share your true tales of IT. SharkBait is the place for you to sound off about everything IT – the good, the bad, and the rest of the weird stuff you deal with every day.New baits 
|
|
 |
|
Patrick Thibodeau: Satellite images of U.S military bases Which is more important? Helping terrorists or protecting military bases? Answer: protecting Web 2.0 ... [more] |
|
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
|
||||||
|
