Laptops 1, Hackers 0 as $20,000 prize goes unclaimed in hack challenge
'Pwn to Own's' first day ends with no break-in; $10,000 at stake today
Computerworld - The first day of a hacker challenge that pits researchers against a trio of laptops, with thousands of dollars in prize money on the line, ended without a winner, the contest sponsor said Thursday.
"We had only one attempt at the remote configuration of the machines," said Terri Forslof, manager of security response at 3Com Corp.'s TippingPoint unit. The vulnerability research company put up the prize money for "Pwn to Own," the hacker contest being held at CanSecWest, a security conference that opened Wednesday in Vancouver, British Columbia. "There was a lot of limelight and attention, newspapers, TV and radio broadcasts, and so I'm not sure if that played a part in scaring people away."
Pwn to Own's rules for Wednesday required researchers to break into one of the three machines using a remote code-execution exploit of a zero-day -- or previously unknown -- vulnerability. At stake: the laptop and a cash prize of $20,000.
When the challenge resumes at 12:30 p.m. PDT, the laptops' exposure to attack will be expanded: Hackers will be allowed to attack any client-side applications installed by default on the computers. That means exploits relying on duping a user into following a link in an e-mail or visiting a malicious Web site -- the typical way criminals compromise computers in the real world -- will be permitted starting this afternoon. The prize for second-day exploits, however, drops to $10,000, half the amount on the table yesterday.
After consulting with the CanSecWest organizers, TippingPoint simplified the prize awards just before the conference opened to make it a "best of the best" challenge that offered only one cash prize per laptop. To balance the reduction in the number of prizes, TippingPoint doubled the dollar amounts of the top two awards. For instance, when the second-annual Pwn to Own was conceived, TippingPoint set $10,000 as the top prize and said it would issue multiple $5,000 awards.
If no one hacks into a machine today, several popular third-party applications will be added to the laptops, giving researchers more ways to break in. The case prize drops to $5,000 on Friday.
But Forslof expects to be handing out a check today. "I've heard a lot of buzz, a lot of talk about this vulnerability or that one that people say they have," she said.
Last year's CanSecWest made headlines with the debut of Pwn to Own, which was won by Dino Dai Zovi and Shane Macaulay when they hacked the one MacBook in the challenge. Their exploit of an unknown QuickTime vulnerability made even more news when some Apple users refused to accept the results and claimed that the attack was bogus.
This year's contest features three systems: a Sony Vaio VGN-TZ37CN running Ubuntu 7.10, a Fujitsu U810 notebook running Windows Vista Ultimate SP1 and an Apple MacBook Air running OSX 10.5.2.
Read more about Security in Computerworld's Security Topic Center.
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Ponemon 2014 SSH Security Vulnerability Report According to research by the Ponemon Institute, 3 out of 4 enterprises have no security controls in place for SSH which leaves organizations...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!