14 DAY TRIAL // A Mac OS X hack is more expensive than a Windows Vista hack. But only officially! Let me explain. The organizers of CanSecWest are hosting a Hack a Mac contest with two Apple MacBook Pro computers acting as targets for the hackers. The person that will success in hacking either of the two MacBook Pro will get to take the computer home along with $10,000 in cash.
"We've announced that we will be having a contest "PWN to OWN" where two, pimp, loaded up, Apple Macbook Pro's will be set up on their own AP (with security updates but otherwise default) and attendees will be able to connect to the ethernet or WiFi. The first to exploit it (there are victory conditions, and progressive rules over the three days) gets to go home with it. (Limit one per person, Can't use the same vuln on both.) If they survive the three days in the "jungle," they become prizes for best lightning talk and best speaker," reads a message posted on the CanSecWest Vancouver 2007 official website.
The contest is comparable to the Quarterly Vulnerability Challenge debuted by iDefense Labs in the first quarter of 2007. The Quarterly Vulnerability Challenge came to an end on March 31 2007, and it paid $8,000 for remote arbitrary code execution vulnerabilities in Windows Vista or in Internet Explorer 7. Considering that the actual Windows Vista vulnerabilities were rewarded with only $8,000, the Mac OS X flaws are more expensive. However, iDefense also promised to pay anything from $2,000 to $4,000 for working exploit code for the vulnerabilities submitted.
One detail that needs to be mentioned is that back in mid December 2006, following the business availability of Windows Vista, hackers were selling Windows Vista zero-day exploits for no less than $50,000 on the underground market.