Pwn2Own, Pwnium Attract Dollars and 0-Days by the Bushel
The new year is barely two months old and it's already been a brutal one for the disclosure of new vulnerabilities. Java, Adobe Reader, Flash, Google Chrome and a number of other widely deployed applications have all been hit with a slew of serious bugs in just the last few weeks. And that's likely to get worse this week as researchers convene in Vancouver for the Pwn2Own and Pwnium hacking contests.
The two contests are run in conjunction with the CanSecWest conference, and they have produced a large volume of interesting attacks and vulnerabilities in the last few years. Pwn2Own is the older of the two competitions and began humbly enough in 2007, with researchers competing to hack a new MacBook laptop with the promise of the laptop and $10,000 if you succeeded in compromising the machine. It took a full day for the winning team to emerge, and when they did, it was Shane Macaulay and Dino Dai Zovi, who had worked in tandem, with Dai Zovi in New York and Macaulay in Vancouver.
And what software did they attack to win? Java.