Vista Ultimate SP1 vs. OS X Leopard 10.5.2 vs. Ubuntu 7.10

Without a doubt, in the face-off between Windows, Mac OS X and Linux, the platforms' strong and weak points contribute to the subjective superiority of one product over the others. The top operating system is ultimately a combination of marketing and consumer perspective. But once in a while the three platforms are thrown in the same arena together against a common challenge. It is the case of CanSecWest Vancouver 2008 where the security of Windows Vista Ultimate Service Pack 1 RTM, Mac OS X Leopard 10.5.2 and Ubuntu Linux 7.10 will be tested in a hacking contest. Essentially hackers will have two days at their disposal to own one of the three boxes made available by the conference's organizers for a shoot at no less than $25,000 worth of prizes.

"This year's contest will begin on March 26th, and go during the presentation hours and breaks of the conference until March 28th. The main purpose of this contest is to present new vulnerabilities in these systems so that the affected vendor(s) can address them. Participation is open to any registered attendee of CanSecWest 2008. Once you extract your claim ticket file from a laptop (note that doing so will involve executing code on the box, simple directory traversal style bugs are inadequate), you get to keep it. You also get to participate in 3com / Tipping Point's Zero Day Initiative, with the top award for remote, pre-auth, vulnerabilities being $25k," revealed Dragos Rui, the organizer of CanSecWest Vancouver 2008 via Security Blanket.

Hackers will be able to take turns, 30 minutes each at three machines, namely VAIO VGN-TZ37CN running Ubuntu 7.10; Fujitsu U810 with Windows Vista Ultimate SP1 and a MacBook Air with Mac OS X 10.5.2 Leopard. Rui stated that the first contestant to hack a box gets to keep it.

"These computers are REAL and FULLY patched. All third party software is widely used. There are no imitation vulnerabilities. Any exploit successfully used in this contest would also compromise a significant percentage of Internet connected hosts. Instead, players choose to use their exploits here, at CanSecWest PWN2OWN 2008. All successful exploits will be turned over to the appropriate vendor and patched before details are made public," Rui added.