PWN2OWN at CanSecWest 2009

Feb 20, 2009 10:33 GMT  ·  By

A hack contest scheduled for mid-March 2009 will throw Internet Explorer 8, Firefox, Safari and Opera into the same arena and make them excellent items of prey for white hackers. The annual CanSecWest conference has reached the tenth edition, a milestone that will catalyze a convergence of security researchers to the Sheraton Wall Center hotel in downtown Vancouver, British Columbia between March 16-20, 2009. CanSecWest's “infamous” PWN2OWN will also be held in 2009, but with a new twist. If in the past the hacking contest had pit standard installs of fully patched Linux distributions, Windows, and MacOS X against white hackers, this year around it will be the turn of the four most popular browsers on the market.

At the same time, PWN2OWN will look further out than just browsers. In addition to letting IE8, Firefox, Safari and Opera be hacked, PWN2OWN will also focus on breaking mobile phone operating systems. The second PWN2OWN will have Android, iPhone, Symbian, Windows Mobile and RIM as its indisputable stars. At the same time, Windows 7, the next iteration of the Windows client, which is currently moving from Beta to Release Candidate, will also be present in the competition, but only a tad better than just a simple spectator. According to the organizers, Windows 7 will be the platform for the browser PWN2OWN hacking contest.

“There will be 2 Pwn2Own competitions this year: a) Browsers (IE8, FireFox, Safari, Opera), b) Mobile (Android, iPhone, Symbian, Windows Mobile, RIM). One of the prizes for the Browser competition will be a Sony VAIO P (now successfully running Windows 7). It will also be the platform for tests,” reveals an announcement on the CamSecWest official website.

At CanSecWest 2008's PWN2OWN hackers had a chance to test the security of default installations of Linux, Windows and OS X, patched with the most recent updates. The hacking context involved a VAIO VGN-TZ37CN running Ubuntu 7.10; a Fujitsu U810 running Vista Ultimate SP1 and a MacBook Air running OSX 10.5.2. It took Charlie Miller, Jake Honoroff, and Mark Daniel from Independent Security Evaluators just two minutes to hack the Max OS X box on the first day of the contest. Vista SP1 lasted until the second day of the competition and was hacked via a vulnerability in Adobe Flash.