pwn 2 own pool

CanSecWest will give round 2 of their PWN 2 OWN contest. If you can hack a box, you keep the box. This year they will offer up patched versions of Windows Vista, Mac OS X, and Ubuntu. They will also allow browser, email, and IM application attacks. I understand an out-of-the-box, fully-patched attack, but I guess one can argue “typical configuration” of those apps. So, thinking inside the box, I would expect the challenges to be centered on privilege escalation, finding something running as root level, hijacking something root-executable due to poor file access security.

Anyone ready to start a pool on which order and how these boxes will be pwned?

Order of pwnage
1. Ubuntu Linux – Ubuntu, the bloated desktop OS for Linux, is really not what you want representing Linux, but it matches the desktop use of the other two entries. Unfortunately, I think Ubuntu is the least vetted when it comes to security, and will be the first to fall. I wouldn’t be surprised to hear about poor file system permissions that let userland replace something normally invoked by root. Or maybe an outdated package of something or other.

2. Mac OS X – I think everyone will still love to pwn the Mac and keep it in its place, making it a prime target. I suspect inherent flaws in the apps used will cause this breakdown, much like QuickTime last year.

3. Windows Vista – This might depend on the timing of patches, but I think Vista combined with IE7 will prove somewhat formidable, especially if the user is not an admin.

Most common attack vector
Web browsing – Browse to my site and get pwned! I think this will be, far and away, the most common attack vector and likely the approach used by the successful attacks. This might not result in attacking a flaw in the browser itself, but will involve the browser in some way.

2 thoughts on “pwn 2 own pool”

  1. I should clarify. 🙂 I think Ubuntu is a bit bloated compared to other Linux distros. If any Linux distro has some hole, I’d expect it to be something brand new, or Ubuntu.
