While it put up a strong fight, the notebook running Windows Vista Ultimate finally failed the annual CanSecWest hacker challenge Friday when a security researcher successfully exploited a critical error located in Adobe Systems Flash Player.
A Fujitsu U810 running Windows Vista was the second system to be hacked, leaving a Sony Vaio notebook running the Ubuntu distribution of Linux to emerge unclaimed at the contest's end.
The Vista hack was part of the three-day 2008 "Pwn to Own" hacker challenge, held at the CanSecWest conference in Vancouver, B.C. March 26-28. The contest included three laptops -- a MacBook Air running OS X 10.52, the Sony Vaio running Ubuntu 7.10, and the Fujitsu U810 running Vista Ultimate SPI -- running the "most up to date and patched installations," which were pitted against each other to determine which machine is most hack resistant.
Researcher Shane Macaulay won a $5,000 cash prize for breaking into a Fujitsu U810 running Vista when he exploited an unidentified Adobe Flash Player vulnerability. Macaulay was assisted by Derek Callaway, of Security Objectives, and Alexander Sotirov, an independent researcher.
Friday's triumphant hack was the contest's second successful exploit. Charlie Miller, an analyst for Security Evaluators LLC, won the notebook and a $10,000 cash prize when he infiltrated a MacBook Air on Thursday by exploiting a vulnerability in the Safari Web browser. No one, however, claimed the first day's prize of $20,000, which required the researchers to remotely exploit the detected vulnerabilities without any user interaction.
The contest was kicked off on Wednesday when all three machines were exposed to viruses and other malware before the contestants attempted to exploit the vulnerabilities.
According to the Tipping Point Website, the purpose of the contest was to "responsibly unearth new vulnerabilities within these systems so that the affected vendors can address them." All subsequent exploits were handed over to the affected vendors following the challenge.
Altogether, the hackers were required to "read the contents of a designated file on each system through exploitation of a zero-day code execution vulnerability." The first contestant to hack into a system was allowed to keep the notebook, in addition to receiving designated cash prizes. 3Com's Tipping Point Technologies Zero Day Initiative put up the cash prizes for the players.
|
Symantec's Code Red: The Law Enforcement/Anonymous E-Mail Exchange Law enforcement officials negotiated via e-mail for more than two weeks with an Anonymous group member trying to extort $50,000 from Symantec to keep stolen product code off the Internet. |
|
How To Sell IT Security Services To Your Customers Cyberattacks can cost a business thousands, even millions, of dollars, and can deal a death blow to some. Here's how IT solution providers can help guard against malicious attacks. |
|
Cybersecurity Experts: What They Know Could Scare You A recent report based on interviews with security experts in government, business and academia finds more than half in agreement that a worldwide arms race is taking place in cyberspace. |
 More
Slide Shows |
- Insider Threats: The Next Frontier for Security Resellers and SMBs
- Complete Security and Your Bottom Line: Sophos, Value and the Channel
- Tough Threats, Tougher Security: How You Can Leverage New Solutions To Combat A “Targeted Attack” Landscape
- Dark Clouds Ahead: Why the Mid-Market Needs To Ramp Up Cloud Security and How You Can Help Them Get There
