TippingPoint Digital Vaccine Laboratories

Day One: CanSecWest PWN to OWN Results

The first day of CanSecWest's PWN to OWN contest is now officially over, and we can report that all three laptops are still standing without having been compromised. At 2:45pm local time today, to much fanfare, Aaron made the official announcement of the contest's opening to the CanSecWest crowd.

As a reminder, today's rules allowed a contestant to win a laptop and cash prize only by using a remote pre-auth 0day. On day two of the contest, which begins at 12:30pm local time tomorrow, the attack surface will expand to include all default-installed client-side applications on the laptops. This means any exploit that involves following a link through email or a vendor-supplied IM client, or visiting a malicious website. The contest will also continue to honor any remote pre-auth exploits. Click here for a refresher on the full rules and cash prizes.

Rumor has it that the laptops' fates won't be as kind on day two of the contest. Check back here tomorrow and stay tuned...

Update - check our main blog index for updates on days two and three of the contest.


Tags: zdi,cansecwest,pwn2own
Published On: 2008-03-26 21:30:08

Comments

  1. Dave Lindhout commented on 2008-03-27 @ 08:43

    Thank you for providing this coverage. It's probably less exciting to watch than a chess match, but I find the whole thought process interesting. Keep up the GREAT work.

  2. Anonymous commented on 2008-03-27 @ 16:09

    Waiting expectantly for news of Day 2


Links To This Post

  1. Hacker Super Bowl pits Mac OS vs. Linux, Vista | InfoWorld | News | 2008-03-27 | By Robert McMillan, IDG News Service
    linked on 2008-03-27 @ 12:54

    By late Wednesday -- the first day of the contest, nobody had even tried to hack the three laptops. This wasn't exactly a surprise to the contest's organizers because on day one attackers were only allowed to use network-based attacks that involved no user interaction. Those types of attacks are extremely rare these days.

