14 DAY TRIAL // At the CanSecWest conference in downtown Vancouver, the stakes for the "pwn-2-own" hack-a-Mac contest have just been raised by quite a bit.
Initially, the successful hacking of the machines would have resulted in ownership of the MacBook that you managed to break into. However, it seems that it was felt that the prize was not compelling enough to draw widespread interest. Now, TippingPoint, which runs the Zero Day Initiative bug bounty program, is offering to pay $10,000 to the hacker who commandeers one of two MacBooks.
The CanSecWest home page states, "Gentlemen_Start_Your_PWNing: The 2.3Ghz 15" Macbook Pro is on 192.168.0.42 and can be yours if you follow the instructions in the home of the default user, and the 2.3Ghz 17" Macbook pro is on 192.168.0.43 and can be yours if you follow the instructions in the filesystem root (this one will need admin compromise)."
Both of the machines have been updated with all available security updates, including the one that Apple just released, but have no additional security setting or software.
If two MacBooks and $10,000, not to mention the respect of the community that goes with it, is not enough motivation for hackers and crackers, one has to wonder what is. So far, everything has been quiet, and, if similar previous challenges are anything to go by, things will continue to be quiet. This might not be a bad time to reflect upon Bill Gates statement about OS X security: "Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally." If nothing happens today, that won't really mean anything, because we all know this is a security leap year.