Browse > Home / Blog article: Security Conference Contemplates Three-Way Contest

Security Conference Contemplates Three-Way Contest

By Dave Nixon

February 6, 2008

One year after providing hackers withthea chance of cracking a Mac, the promoters of the Canadian CanSecWest security event are positioned to launch a new hacking contest.

This year they are considering expanding the variety, “We’re thinking of having a contest where we have Vista and OS X and Linux … and see which one goes first,” said Dragos Ruiu, the principal organiser of CanSecWest

With the triumphant hacker winning the computer and a cash prize, last year show organisers invited attendees to hack into a Macintosh laptop. Security researcher Dino Dai Zovi identified a QuickTime flaw that permitted him to run illicit software on the Mac. Dai Zovi shared the contest accolade with a friend at the show, Shane Macaulay, who assisted him succeed in his attack. Macaulay kept the Macbook Pro while Dai Zovi pocketed the US$10,000 donated by 3Com’s Tipping Point division in exchange for technical details on the bug.

The event was not without disapproval nonetheless: Gartner criticised the contest saying it was a “risky endeavour” and security company ISS condemned the major sponsor Tipping Point for its involvement.

It became apparent that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi’s hack assisted in changing the industry’s perception of the Mac OS, which has is reputed for being much more secure than Windows. “We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich.”

Ruiu and Dai Zovi say that last year’s contest helped start an outbreak of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry axiom: “Given enough time and motivation, everything can be broken,” she said. “When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That’s how it works.”

Ruiu isn’t convinced that he’ll operate the three-way hacking competition this year. That’s because he has a more ostentatious, clandestine hacking contest proposal that may or may not pan out, he said.

Either way, he promised “an interesting spectacle.”

Click here to discuss this: Security Forums

Filed Under Computer Security, IT Security 
Tagged:



Add to Bookmarks:

ADD TO DEL.ICIO.US     ADD TO DIGG     ADD TO FURL

ADD TO STUMBLEUPON     ADD TO YAHOO MYWEB     ADD TO GOOGLE     ADD TO SPURL


Related posts to "Security Conference Contemplates Three-Way Contest":



Comments

Got something to say?





Visited 291 times, 1 so far today