Security researchers that want to take a shot a hacking the Mac OS X will get their chance at an upcoming security conference and could take home a fully loaded MacBook Pro.
This week, the organizer of the annual CanSecWest conference announced the show will host a "PWN to Own" contest: Hack a Mac and you can take it home. The contest will place two tricked-out MacBook Pro computers with a default Apple installation on a network to which any attendee can connect and attempt to exploit the systems. The first person to use a unique attack on either of the two systems can take the laptop home, said Dragos Ruiu, the organizer of the CanSecWest.
Ruiu proposed the contest after he became frustrated with the Apple's lack of participation in the security community, its marketing campaign touting the operating system's security track record, and the company's hard-line tactics against some researchers.
"Everyone and his dog is talking about sitting on Mac OS X zero-day (flaws), while Mac users are going around saying they are so secure," Ruiu said in an interview with SecurityFocus. "So I think this contest is a good way to get things hashed out."
Security researchers have increasingly targeted Apple. The company's Mac OS X operating system was put in the spotlight in January when two researchers released daily bugs in Apple software for the entire month.
The company has come to loggerheads with researchers a number of times as well. Last summer, two security researchers--David Maynor and Jon Ellch--allegedly scuttled a part of their presentation on wireless vulnerabilities that would have shown an attack on the native wireless drivers of an Apple laptop because of legal threats by the company. Earlier this month, a Mac OS X security presentation that was scheduled to be given by information-technology specialist Daniel Cuthbert at EUSecWest--a conference also organized by Ruiu--was canceled allegedly due to pressure by Apple.
Cuthbert is the British citizen found guilty in 2005 of violating the United Kingdom's Computer Misuse Act, a judgment widely criticized by security researchers. After he had made a donation on a charity site, Cuthbert performed some simple security checks to assuage his fears that the site was staging a phishing attack.
Cuthbert declined to comment for this article. An Apple representative could not immediately be reached for comment.
The contest, announced on Wednesday, will take place at the CanSecWest conference in Vancouver starting April 18. Ruiu said he believes the systems will not last the duration of the three-day conference, but if they do, they will be given away to the best speaker and best lightening talk.
Posted by: Robert Lemos