You right remember in March last year we posted about Charlie Miller at the PWN2OWN contest owning the MacBook Air in under 2 minutes.

Guess what? He’s done it again! This time though he’s even faster clocking in at under 10 seconds. No one else stood a chance. He walked off with the prize again, $5000 and the MacBook that he hacked.

Of course he wrote the exploit before hand, but still impressive!

Charlie Miller, a security researcher who hacked a Macintosh in two minutes last year at CanSecWest’s PWN2OWN contest, improved his time today by breaking into another Macintosh in under 10 seconds.

Miller, an analyst at Independent Security Evaluators in Baltimore, walked off with a $5,000 cash prize and the MacBook he hacked.

“I can’t talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched,” said Miller on Wednesday, not long after he had won the prize. “It probably took five or 10 seconds.” He confirmed that he had researched and written the exploit before he arrived at the challenge.

It guess it might be a Safari exploit, but I guess if you keep your ears open you’ll hear about it soon enough.

I wonder if he’ll be able to pull the same trick again next year, with his record so far I’d say it wouldn’t be a large stretch of imagination.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

Two weeks ago, Miller predicted that Safari running on the Macintosh would be the first to fall.

PWN2OWN’s sponsor, 3Com Corp.’s TippingPoint unit, paid Miller $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. “Apple has it, and they’re working on it,” added Miller.

Interestingly another researcher later broke into a Sony laptop that was running Windows 7 by exploiting a vulnerability in Internet Explorer 8. So Safari and IE8 both fell!

What with all the claims from Microsoft that IE8 is so secure…I guess that pissed on their bonfire didn’t it?

This year’s PWN2OWN also has a section for mobile operating systems, the prize is larger too at $10,000. If you want to join you can have a crack at Windows Mobile, Google’s Android, Symbian, and the operating systems used by the iPhone and BlackBerry.

Source: Computer World (Thanks Navin)

Similar to the Hacker Challenge in 2006, it is being run by a U.S. company performing security testing and security metric research. The purpose of this challenge is to evaluate the effectiveness of software protections. The results of this effort will be used to improve protection measures.

There will be three distinct, yet related, phases to this contest. The first phase will be a hacker challenge, for which anyone can register to participate. The second stage of the contest will be a market (based on the Phase 1 challenge). Participation in this second phase will be by invitation only, based on performance in the first phase. The third phase of the contest will be a more challenging hacker challenge; this phase may or may not be invitation-only. There are opportunities to earn money in all three phases of the contest.

All file downloads and uploads necessary for the contest will be possible after the participant has logged in. The market will also be visible, at the appropriate time, after logging in.

You can read more here.

http://www.hackerchallenge.org/

All payments are in U.S. dollars, and will be made anonymously via PayPal with prizes up to $50,000USD for the three phases.

You can register here.

The first round results of the Linux Reverse Engineering Hacker Challenge are out!

http://www.hackerchallenge.org

It was expected that an intermediate hacker with Linux experience should be able to defeat the protection(s) in less than 10 hours. Participants may earn up to $4100 USD.

A total of 93 individuals registered to participate in the first Hacker Challenge. Individuals were compensated for defeating the protection and submitting a report that summarized how the defeat was executed. All individuals who defeated the protection and submitted a sufficient report were compensated with $500, while a partial defeat which was accompanied by a complete report was compensated with $200 (all payments in US dollars, with payments made anonymously via PayPal). Special payments were made for the first three successful defeats, as well as the top-three highest-quality reports

The competition is apparently run by a US based company anonymously and all payouts are made via PayPal.

We are a US company performing security testing and security metric research. This activity is being funded by a component of the US government.

The purpose of this project is to evaluate the effectiveness of software anti-piracy protections. The results of this effort will be used to improve our protection measures.

Perhaps something to do with the RIAA or DMCA as they are evaluating anti-piracy measures.

This is a security testing activity. All software and software anti-piracy measures were developed exclusively for use in this effort. No commercial protections were used in the development of this test.

Do watch out for the next competition from Hacker Challenge!