During the third day of the “PWN TO OWN” event, a contest of hackers determined to break systems at CanSecWest, Windows Vista was compromised from a Flash flaw.
The contest, which saw a MacBook Air get hacked on Thursday, relaxed the rules even further. On the first day of the contest, only the operating system could be targeted, but on the second day that was expanded to include standard applications. An undisclosed Safari flaw led to the MacBook Air’s downfall through the OS X operating system.
On Friday, hackers could target any “popular” piece of third-party application software that computer users might locate on a system. The Fujitsu laptop, running Windows Vista Ultimate, was compromised by a previously undiscovered flaw in Adobe’s Flash software.
Hackers Shane Macaulay, Derek Callaway and Alexander Sotirov, were able to compromise and gain control of the Windows Vista laptop, which also means they get to keep it. However, since the rules had been relaxed, they only get $5,000; the MacBook Air winners collected $10,000.
Winners had to sign a nondisclosure agreement immediately after a successful hack, so that the nature of the flaw could be disclosed to the vendor to prepare for security fixes. Once Adobe patches the flaws in Windows Vista, the problem will be disclosed.
CanSecWest is the world’s most advanced conference focusing on applied digital security. The annual event brings both industry and hackers to test security in several operating systems.
The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field.