By Tracey Capen
CanSecWest 2010’s hacker competition results in public defeat for Apple’s iPhone and three of the leading Internet browsers.
Apple, Microsoft, and other vendors are certain to release patches in the next few months for these holes, but what’s a user to do in the meantime?
Security conferences offer forums for top security specialists to share the latest malware threats anddefenses. But CanSecWest’s (Canadian Security West) most-popular event is Pwn2Own, a competition for white-hat hackers. The winner is the first contestant to defeat a browser’s defenses and take over a personal computer. This year’s Pwn2Own included smart phones for the first time.
The most-interesting revelations at this beat-the-browser match were the contestants’ ability to circumvent Microsoft’s Address Space Load Randomization (ASLR) and Data Execution Prevention (DEP) security controls and their success in hacking Apple’s immensely popular iPhone.
Ironically, the competition has another aspect pre-eminent with malware authors — money. In addition to bragging rights, winning this year’s Pwn2Own included $100,000 in prize money put up by security company TippingPoint.