When the Pwn2Own contest began in 2007, it was dismissed by some in the industry as nothing more than a publicity stunt meant to inflate the egos of researchers while embarrassing software vendors. But as the fifth edition of the hacker challenge gets underway at the CanSecWest conference here this week, it has evolved into a display of some of the few things that are actually good and right with the security community.

The contest began as essentially a timed competition to see who could find and exploit a vulnerability in a fully patched MacBook Pro running the most current version of OS X. Researchers went at the machines for hours, trying to find a new bug and develop a reliable exploit for it. Win, and you got not only the computer that you'd exploited but a nice $10,000 cash prize. There were different thresholds for different machines, but both the 15-inch and 17-inch MacBooks lived through the first day of the contest without being compromised.

Not so the next day. Researcher Dino Dai Zovi, who wasn't at the conference, found a new flaw in the Java implementation in QuickTime and called his friend Shane Macaulay, who was in Vancouver. Dai Zovi developed a browser-based exploit for the bug and Macaulay implemented it at the conference. The pair took down the 15-inch MacBook and the cash. Dai Zovi stayed up most of the night working on the bug and exploit, but within a few hours he had a reliable exploit, a new MacBook and some nice walking-around money. Not a bad night's work.

The link for this article located at ThreatPost is no longer available.