
Pwn2Own


Pwn2Own is a computer hacking contest held annually at the CanSecWest security conference, beginning in 2007. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. Winners of the contest receive the device that they exploited, a cash prize, and a "Masters" jacket celebrating the year of their win. The name "Pwn2Own" is derived from the fact that contestants must "pwn" or hack the device in order to "own" or win it. The Pwn2Own contest serves to demonstrate the vulnerability of devices and software in widespread use while also providing a checkpoint on the progress made in security since the previous year.

The first contest was conceived and developed by Dragos Ruiu in response to his frustration with Apple's lack of response to the Month of Apple Bugs and the Month of Kernel Bugs, as well as Apple's television commercials that trivialized the security built into the competing Windows operating system. At the time, there was a widespread belief that, despite these public displays of vulnerabilities in Apple products, OS X was significantly more secure than any of its competitors.

On March 20, roughly three weeks before CanSecWest that year, Ruiu announced the Pwn2Own contest to security researchers on the DailyDave mailing list. The contest was to include two MacBook Pros that he would leave on the conference floor hooked up to their own wireless access point. Any conference attendee who could connect to this wireless access point and exploit one of the devices would be able to leave the conference with that laptop. There was no monetary reward. Ruiu further outlined that the restrictions on which hacks were acceptable would be progressively loosened over the three days of the conference.

On the first day of the conference, Ruiu asked Terri Forslof of the Zero Day Initiative (ZDI) to participate in the contest. ZDI has a programme which purchases zero-day attacks, reports them to the affected vendor and turns them into signatures for its own network intrusion detection system, increasing its effectiveness. The vulnerabilities sold to ZDI are made public only after the affected vendor has issued a patch for them. Forslof agreed to have ZDI offer to purchase any vulnerabilities used in the contest for a flat price of $10,000.


Wikipedia
