Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security

Next Pwn2Own Contest Targets IE8, Firefox, iPhone 64

Windows Secrets writes "After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets: Web browsers and mobile phones. According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year — one pitting hackers against IE8, Firefox 3 and Safari and another targeting Google Android, Apple iPhone, Nokia Symbian and Windows Mobile."
This discussion has been archived. No new comments can be posted.

Next Pwn2Own Contest Targets IE8, Firefox, iPhone

Comments Filter:
  • Unbalanced? (Score:5, Interesting)

    by AKAImBatman ( 238306 ) * <<moc.liamg> <ta> <namtabmiaka>> on Wednesday February 11, 2009 @05:45PM (#26820227) Homepage Journal

    Am I the only one who wonders if the design of this contest doesn't create an unbalanced playing field? It's often struck me that if the computers are "Pwn2Own", then the participants are going to focus more heavily on "pwning" the system they want to take home with them. e.g. Given a choice between a Vaio running Windows and a MacBook Pro running OS X, I know I would rather have the MacBook Pro. Thus I'm not going to try as hard to crack the Windows system because the system I REALLY want is the Mac.

    Maybe it's just me. Maybe there are an equal number of equally talented individuals who's only disagreement is the preference of their machine. But somehow I don't think it's that easy.

    • by quickOnTheUptake ( 1450889 ) on Wednesday February 11, 2009 @05:47PM (#26820265)
      yeah and who the hell wants to be given a copy of IE8 as first prize?
      • Re: (Score:3, Funny)

        by drquoz ( 1199407 )
        For the browser competition, you get the computer it's running on. Or at least that's what I gather; the article accidentally a whole verb. FTA: "CanSecWest organizers plan to Sony VAIO P running Windows 7 as the platform for the contest. The successful hacker gets to keep the machine."
      • Re: (Score:3, Funny)

        second prize: two copies of IE8.

    • Re: (Score:3, Funny)

      by XPeter ( 1429763 ) *

      We all know that Windows Mobile and IE8 will come out on top as they are far superior to the competition.

    • Re: (Score:3, Insightful)

      by jpmorgan ( 517966 )

      But I thought OS X is inherently more secure, and the perceived security has nothing to do with it being a less tempting target than Windows.

      Or at least, that's what everybody tells me...

      • Where there a will there is a way. In this case the will must be stronger.
      • Re:Unbalanced? (Score:5, Insightful)

        by rsmith-mac ( 639075 ) on Wednesday February 11, 2009 @06:31PM (#26820815)

        The current security situation of the platform is not an XOR matter. It is inherently more secure thanks in large part to tested Unix/BSD bits and very few backwards compatibility hacks that later end up used as vulnerabilities, but at the same time there are vulnerabilities that have not been found because not nearly as many people poke at it as they do Windows. If as many people poked at Mac OS X as they did Windows I'm sure we'd see more vulnerabilities in the wild, but I have no reason to believe there would be as many as we see with Windows.

        As for the contest at hand, I'd be shocked if they didn't break it. Browsers are a mess, and this goes for IE8, Firefox, and Safari. They'll most certainly get Safari to trigger a remote code execution situation, the bigger challenge will be finding a local privilege escalation flaw to combine that with to actually own the system.

    • Re: (Score:3, Interesting)

      Actually I think this might be part of the plan. Right now one of the things that might make Windows less desireable is that it is a bit of a security risk and (apparently) not as hard to crack. So the big flashy prize is something that people want because it's supposedly more secure or otherwise better (or at least sells itself that way) and it's going to get a bit more attention. So maybe more people discover security issues for the desired prize during contests like this which vendors can ultimately fix

    • Re:Unbalanced? (Score:5, Interesting)

      by KibibyteBrain ( 1455987 ) on Wednesday February 11, 2009 @06:36PM (#26820867)
      I still think from a game theory perspective, it is best to go after the platform you are best at pwning if you assume all the other participants are about as skilled as you are. This is because time is a factor, and so you are better off making sure you hack first and get something than trying hack the best prize if there is a better chance one of the other hackers is more experienced at it than you. A good chance of getting something bad is usually better than a bad chance of getting something good.
    • That should work, but (at least in past years) they have cash prizes that are worth far more than the machines they're going to get, so that should be mitigates. Also, they've got a small number of machines for a large number of people trying to penetrate them, so as soon as the more desirable machine is gone everyone should focus on the other machines as much as they focused on the most desirable one. Overall, it seems that the desirability of the machines shouldn't affect the outcome too much.
    • On the other hand, I'd personally go for the PC as I know that there's probably 1/2 the competition, and much greater odds for me to win..
    • Re: (Score:2, Informative)

      by Anonymous Coward

      You're working on the premise that these guys value MacBook Pro more than a Sony. I'm pretty sure that they easily afford a MacBook Pro. I'm sure that Motivation here is actually cracking the system rather than owning the laptop.

    • by Kugrian ( 886993 )

      This is good no? Macs still don't get targeted enough in the wild for their weaknesses to be apparent. Windows gets raped. I'm on the 'windows is inherently less secure' side of the fence, but until the market share of OSes reaches a point where it's viable for black hats to attack both MS and Apple (and others ofc, but not relevant here), it's a hard point to prove.

  • 2Own (Score:4, Funny)

    by DanTheStone ( 1212500 ) on Wednesday February 11, 2009 @05:46PM (#26820257)
    You could win own your very own copies of IE8, Firefox 3, and Safari!
    • Re: (Score:1, Funny)

      by Anonymous Coward

      Yeah, I think I'll wait for this year's Pwning4Ponies instead.

  • by Vandil X ( 636030 ) on Wednesday February 11, 2009 @05:59PM (#26820431)
    That would fall in line with their use of a 3rd party wireless card to hack the MacBook. (i.e. using the product in a way most people wouldn't be using it.)
    • Re: (Score:1, Funny)

      by Anonymous Coward

      Last year they didn't accept my precondition that the root password be set to blank before attempting to hack it.

  • by jpmorgan ( 517966 ) on Wednesday February 11, 2009 @06:20PM (#26820685) Homepage

    How much attention does this contest actually get? While there are lots of upstanding people who will participate, I would be surprised if there weren't quite a few talented individuals who will not be participating.

    I mean, if you're a blackhat, an exploit for any of these targets is worth a lot more than a laptop or a mobile phone.

    • by Chabo ( 880571 ) on Wednesday February 11, 2009 @06:48PM (#26820959) Homepage Journal

      The blackhats try to exploit the whole contest so that nobody can win. :)

      Then they continue to use the holes they only they know about.

    • My experience.... (Score:5, Interesting)

      by ebbomega ( 410207 ) on Wednesday February 11, 2009 @07:01PM (#26821107) Journal

      Last year I DJ'd for the CanSecWest dinner party, and I was kinda amused to see that a lot of the people who were at the conference were ex-blackhats anyway. A good number of them had criminal records and were now raking in hella money working on the legit side (a shitload more than they made during their blackhat careers). I even met a couple of them at a 2600 meeting once.

      Hackers are hackers, regardless of which side of the legal coin they fall on. The exploits used are known to anybody with the resources to find them. In fact, last year nobody took home the Linux box not because they couldn't find any exploits, but because there was so much more effort and time involved in breaking the linux systems that everybody just went for the OSX or Windows machines. Versions of this contest probably exist in the blackhat world, but are a lot less publicized because they don't have industry heavyweights like Cisco or Microsoft sponsoring it.

  • Doesn't the underline operating system still assist with the overall security of a browser? ie. can't a more secure OS make escalation of a browser hack more difficult?

    • Re: (Score:2, Interesting)

      by ld a,b ( 1207022 )
      Of course.

      In this case I believe IE8 has a lead in this contest as they all will be running on in Windows, but IE8 will probably get to run in sandbox mode.

      My bets are:

      1- Safari
      2- IE8
      3- Firefox

      or:

      1- Safari
      2- Firefox
      3- IE8
    • Re: (Score:3, Funny)

      by Ironica ( 124657 )

      Doesn't the underline operating system still assist with the overall security of a browser?

      Only if it hasn't been upgraded to the italic operating system.

  • by Chabo ( 880571 ) on Wednesday February 11, 2009 @06:46PM (#26820945) Homepage Journal
  • According to Secunia it had the smallest number of volnurabilities, plus Opera Software somehow likes too boast about security...would be a good contendant and verification of their claims (and don't say that Opera has negligible share, IN YOUR MARKET, there are many where it's quite big (which accidentally are often the healthy ones not dominated by EI/with IE below 50% for some time)

The computer is to the information industry roughly what the central power station is to the electrical industry. -- Peter Drucker

Working...