The promoters of the Canadian CanSecWest security event are set to introduce a new hacking contest one year after they offered hackers a chance of cracking a Mac. This time round, they're considering expanding the range: "We're thinking of having a contest where we have Vista and OS X and Linux ... and see which one goes first," said Dragos Ruiu, the principal organiser of CanSecWest.
Last year, show organisers invited attendees to hack into a Macintosh laptop, with the successful hacker winning the computer and a cash prize. Security researcher Dino Dai Zovi found a QuickTime bug that allowed him to run unauthorised software on the Mac. Dai Zovi split the contest prize with a friend at the show, Shane Macaulay, who helped him pull off his attack. Macaulay got to keep the MacBook Pro while Dai Zovi pocketed the US$10,000 put up by 3Com's TippingPoint division in exchange for technical details on the bug.
The event was not without criticism, though: Gartner attacked the contest, saying it was a "risky endeavour", and security company ISS slagged off the principal sponsor TippingPoint for its collusion.
It turned out that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi's hack helped change the way the industry thinks about the Mac OS, which has a reputation for being far more secure than Windows. "We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich."
Ruiu and Dai Zovi say that last year's contest helped kick off a flurry of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry truism: "Given enough time and motivation, everything can be broken," she said. "When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That's how it works."
Ruiu isn't certain that he'll run the three-way hacking contest this year. That's because he also has a grander, top-secret hacking contest idea that may or may not pan out, he said.
Either way, he promised "an interesting spectacle."