14 DAY TRIAL // Hackers will take turns at breaking into computers running Windows 7, Windows Vista, Windows XP and Mac OS X Snow Leopard via browser-related security holes at this year’s Pwn2Own contest held at the CanSecWest security conference in Vancouver, starting on March 24th 2010. This year, the Pwn2Own organizers have also set up a special hack contest for mobile platforms, including Apple iPhone 3GS and RIM Blackberry Bold 9700. The main sponsor of the Pwn2Own contest, TippingPoint Zero Day Initiative (ZDI) is offering no less than $100,000 in prizes for the white hackers that will be able to break into the computers and devices selected as targets.
“In keeping with tradition the first portion of the event will attempt to bring to light the current security posture of market-leading web browser and operating system pairings. The multifaceted web browser continues to occupy a critical presence on the client-side attack surface,” stated Aaron Portnoy, a researcher within TippingPoint's security research group. “The second portion of Pwn2Own 2010 offers bounties for vulnerabilities affecting mobile phones. The increased presence and capabilities of smart phones has brought with it the same security issues and attention traditionally reserved for non hand-held platforms.”
As usual, the hack contest will last for a total of three days. From debut to finish Pwn2Own will offer security researcher a chance to break into the four most popular browsers available to end users, running on top of two of the most popular operating systems worldwide. No less than $40,000 are reserved for browser hacks, as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari will be thrown together in the lion’s den.
In Day 1, hackers will attempt to hack Internet Explorer 8 on Windows 7, Firefox 3 on Windows 7, Google Chrome 4 on Windows 7 and Apple Safari 4 on MacOS X Snow Leopard. Day 2 will have hackers target IE7 on Windows Vista, Firefox 3 on Windows Vista, Google Chrome 4 on Windows Vista and Apple Safari 4 on MacOS X Snow Leopard. In day 3, the following browsers will serve as targets for attacks: IE7 on Windows XP, Firefox 3 on Windows XP, Google Chrome 4 on Windows XP and Apple Safari 4 on MacOS X Snow Leopard.
“$60,000 of the total $100,000 cash prize pool is allotted to the mobile phone portion of the contest, each target is worth $15,000. A successful hack on these targets must result in code execution with little to no user-interaction. Expect updates on the rules as the contest approaches. The current target list is as follows: Apple iPhone 3GS, RIM Blackberry Bold 9700, a Nokia device running Symbian S60 (likely the E62), a Motorola phone running Android (likely the Droid),” Portnoy stated.
Internet Explorer 8 (IE8) RTW is available for download here (for 32-bit and 64-bit flavors of Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008).
Firefox 3.6 Final for Windows is available for download here.
Google Chrome 4.0 Stable is available for download here.
The latest release of Opera 10 is available for download here.