The third and final day of the PWN to OWN contest at the CanSecWest security conference begins today, March 28th at 12:30pm local time (PST) in Vancouver. Yesterday, on day two of the contest, the MacBook Air was successfully compromised first and won by a team from Independent Security Evaluators, also winning $10,000 from us (the Zero Day Initiative).
As of today, since the Vista and Ubuntu laptops are still standing unscathed, we are now opening up the scope beyond just default installed applications on those laptops; any popular 3rd party application (as deemed popular by the judges) can now be installed on the laptops for a prize of $5,000 upon a successful compromise. For a refresher on the full rules and cash prizes, check out the PWN to OWN contest guidelines.
2:30pm PST Update: Its been two hours so far, and both Vista and Ubuntu laptops are still standing. Stay tuned...
7:30pm PST Update - Vista Laptop was Won!: Congratulations to Shane Macaulay from Security Objectives - he has just won the Fujitsu U810 laptop running Vista Ultimate SP1 after it was installed with the latest version of Adobe Flash. Not only is he the official winner of the Fujitsu laptop, but also $5,000 from us. Shane received some assistance from his friends Derek Callaway (also from Security Objectives) and Alexander Sotirov. If you\'ll also remember, Shane Macaulay was Dino Dai Zovi\'s on-site team member at last year\'s PWN to OWN event in which they ultimately took the top prize.
Above pictured is Aaron from TippingPoint on the left officiating in front of the Fujitsu laptop, while Shane Macaulay and his pwnage assistant Alexander Sotirov (next from left to right) refine the Adobe Flash exploit.
So at the end of the last day of the contest, only the Sony VAIO laptop running Ubuntu was left standing.
The new Adobe Flash 0day vulnerability that Shane exploited has been acquired by the Zero Day Initiative, and has been responsibly disclosed to Adobe who is now working on the issue. Until Adobe releases a patch for this issue, neither we nor the contestants will be giving out any additional information about the vulnerability. You will be able to track the vulnerability on the Zero Day Initiative upcoming advisories page.
Above pictured is Charlie Miller whose team won the MacBook Air and $10,000 on day two of the contest.
Above pictured is winner Shane Macaulay on the right showing off the spoils of victory with his friend Alexander Sotirov on the left.
We want to thank the organizers of CanSecWest and everyone who helped out with the PWN to OWN contest, especially Dragos Ruiu, Ron Dodge, Tim Rosenberg, Dwight Hobbs, and Chris Owen. See you next year!