Slashdot Mirror


Next Pwn2Own Contest Targets IE8, Firefox, iPhone

Windows Secrets writes "After two straight years of taking dead aim at Macbooks and Windows-powered machines, hackers at this year's CanSecWest conference will have shiny new targets: Web browsers and mobile phones. According to CanSecWest organisers, there will be two separate Pwn2Own competitions this year — one pitting hackers against IE8, Firefox 3 and Safari and another targeting Google Android, Apple iPhone, Nokia Symbian and Windows Mobile."


  1. Unbalanced? by AKAImBatman · · Score: 4, Interesting

    Am I the only one who wonders if the design of this contest doesn't create an unbalanced playing field? It's often struck me that if the computers are "Pwn2Own", then the participants are going to focus more heavily on "pwning" the system they want to take home with them. e.g. Given a choice between a Vaio running Windows and a MacBook Pro running OS X, I know I would rather have the MacBook Pro. Thus I'm not going to try as hard to crack the Windows system because the system I REALLY want is the Mac.

    Maybe it's just me. Maybe there are an equal number of equally talented individuals whose only disagreement is the preference of their machine. But somehow I don't think it's that easy.

    1. Re:Unbalanced? by decipher_saint · · Score: 2, Interesting

      Actually I think this might be part of the plan. Right now one of the things that might make Windows less desirable is that it is a bit of a security risk and (apparently) not as hard to crack. So the big flashy prize is something that people want because it's supposedly more secure or otherwise better (or at least sells itself that way) and it's going to get a bit more attention. So maybe more people discover security issues for the desired prize during contests like this which vendors can ultimately fix (making it an even better product).

      In fact, seeing more concentrated efforts to crack the Mac might be an indication of what's to come. After all if the desired prize is relative to the desires of the upcoming consumer market for the next few years getting to know the soft spots will be valuable for at least some parties.

      Either all that or I've hit that state of delirium after the caffeine has worn off...

      --
      crazy dynamite monkey
    2. Re:Unbalanced? by KibibyteBrain · · Score: 5, Interesting

      I still think from a game theory perspective, it is best to go after the platform you are best at pwning if you assume all the other participants are about as skilled as you are. This is because time is a factor, and so you are better off making sure you hack first and get something than trying to hack the best prize if there is a better chance one of the other hackers is more experienced at it than you. A good chance of getting something bad is usually better than a bad chance of getting something good.

    3. Re:Unbalanced? by Serious+Callers+Only · · Score: 2, Interesting

      OS X has yet to be owned remotely. Correct me if I'm wrong here, I'd like to hear about it.

      You are wrong.

      The original jailbreaking of the iPhone was based on a TIFF handling vulnerability in the Safari browser - this could be exploited remotely until the hole was fixed, simply by visiting a website.

      http://www.iphone-hacks.com/2007/10/10/iphone-111-jailbroken-again-using-tiff-exploit/

      I would be surprised if there are not more holes in the Safari browser which ships with the iPhone (and its desktop equivalent), indeed I've read about a few more since (can't be bothered to look them all up just now) and expect to see the iPhone compromised.

      Here's another, more recent one, which could be costly by calling unknown numbers:

      http://www.pcadvisor.co.uk/news/index.cfm?newsid=10113

      Or another, allowing access to data:

      http://www.techradar.com/news/phone-and-communications/mobile-phones/iphone-macs-vulnerable-to-safari-hack-attack-154585

      Now OS X has been less vulnerable to worms spreading automatically compared to Windows historically (not so much compared to Vista), has some good security policies in place like the lack of services on by default, firewall and a sane use of password dialogs, but that doesn't make it immune. Apple has not been as vigilant or communicative in this area as they should be.

  2. Wonder if it requires the iPhone to be jailbroken by Vandil+X · · Score: 4, Interesting

    That would fall in line with their use of a 3rd party wireless card to hack the MacBook. (i.e. using the product in a way most people wouldn't be using it.)

    --
    Up, Up, Down, Down, Left, Right, Left, Right, B, A, START
  3. Re:Isn't the OS still important? by ld+a,b · · Score: 2, Interesting

    Of course.

    In this case I believe IE8 has a lead in this contest as they will all be running on Windows, but IE8 will probably get to run in sandbox mode.

    My bets are:

    1- Safari
    2- IE8
    3- Firefox

    or:

    1- Safari
    2- Firefox
    3- IE8

    --
    10 little-endian boys went out to dine, a big-endian carp ate one, and then there were -246.
  4. My experience.... by ebbomega · · Score: 4, Interesting

    Last year I DJ'd for the CanSecWest dinner party, and I was kinda amused to see that a lot of the people who were at the conference were ex-blackhats anyway. A good number of them had criminal records and were now raking in hella money working on the legit side (a shitload more than they made during their blackhat careers). I even met a couple of them at a 2600 meeting once.

    Hackers are hackers, regardless of which side of the legal coin they fall on. The exploits used are known to anybody with the resources to find them. In fact, last year nobody took home the Linux box not because they couldn't find any exploits, but because there was so much more effort and time involved in breaking the linux systems that everybody just went for the OSX or Windows machines. Versions of this contest probably exist in the blackhat world, but are a lot less publicized because they don't have industry heavyweights like Cisco or Microsoft sponsoring it.

    --
    Karma: Non-Heinous
  5. Spose so, but... by ebbomega · · Score: 2, Interesting

    If a conglomerate offers you a six+ figure salary to do what you essentially do for fun, are you really going to say no?

    --
    Karma: Non-Heinous