CanSecWest is just around the corner, and TippingPoint just announced some additional incentives to the PWN to OWN contest. Like last year, TippingPoint is giving cash prizes away, but this year they are giving away at least $20,000!
For those that aren’t familiar with the contest, several machines are setup, with the latest OS patches from the vendor, and running a handful of popular software. And the first person to exploit the machine wins that device! This year three targets are available. A VAIO VGN-TZ37CN running Ubuntu 7.10, a Fujitsu U810 running Vista Ultimate SP1, and a MacBook Air running OSX 10.5.2.
In addition to the laptop prizes, TippingPoint’s Zero Day Initiative (ZDI) is offering three different cash prizes. A remote pre-authentication code execution vulnerability in a default service enabled will score you $10,000. A client side application vulnerability that results in system control will score you $5,000. And at the end of the contest, they will give away another $5,000 to the best bug submitted. The rules and fine print is on TippingPoint’s DVLabs blog.
Last year Dino Dai Zovi uncovered an Apple QuickTime flaw, and won a MacBookPro and several thousands of dollars. What will go down this year? Ryan Naraine predicts vista will fall first via a client vulnerability and then the macbook via quicktime. This is only the second year of the contest, and I’m sure many people will come prepared. So it will be very interesting to watch what develops.