Pwn2Own Contest Results

The results are in at the Pwn2Own Contest held at the CanSecWest conference in Vancouver. The competition pitted a fully-patched version of Windows Vista with SP1 versus Mac's Leopard OS and Linux's Ubuntu. The idea of the contest is that if you can find an exploit in and take control of one of the three machines' OSes on the first day, then you win $20,000 USD plus the machine that you hacked. On the second day, they drop the bounty to $10,000 USD and open up some common third party software. Finally, the third day drops the prize to $5000 and opens up a large pool of commonly used software. As a testament to the robust security of all three OSes, none of the competitors attempted to crack them on the first day.

On day two, Independent Security Evaluators sniped Leopard via an unknown vulnerability in Apple's Safari browser. On day three, Shane Macaulay tagged Vista through Adobe's Flash software which is one of the most common pieces of software found on Windows machines of all varieties. Needless to say, that's a gigantic security hole that can potentially affect a multitude of Windows users, so if you're a Win-nut, you might want to stay away from any unknown flash applications until the security patch is released. For the Mac users--well, most of you never listen to common sense anyway, so hopefully your illustrious company will repair your damaged egos with the appropriate patch.

What about Ubuntu? Still untouched. Why? Because black-hats know that Windows machines and Macs are easier. Seriously, why bother with Linux when black-hats AND white-hats are locking the thing down for their own good? All the money is with the other two machines. Also, you can think of it this way: if you hacked the Ubuntu machine, you'd get a machine plus something you could download for free--with Windows and Leopard, you get the added monetary bonus of an overpriced OS.