PWN to Own Take 2

The folks over at CanSecWest will once again be hosting their popular PWN to OWN contest at this years con. I wrote about last year’s contest that was won after a spl0it was found in Quicktime that allowed the attacker to PWN the Mac laptop. This year they are also putting up an Ubuntu and Vista box. They haven’t mentioned what the configuration will be, what aps will be installed etc… but it doesn’t really matter. This exercise will prove nothing other than that the CanSecWest organizers know how to be media whores (hey, even I’m writing about it). Even if one or two of the boxes get owned it will not prove that one OS is more secure than the other. OS Security is proven (or disproved) over the types and severity (not number or frequency) of vulnerabilities found over the long term. So while this contest will likely get a lot of press, especially if someone is successful and owns one of the boxes, in the long run it really doesn’t mean anything.