The organisers of the CanSecWest security conference are talking about giving attendees to this year's event a prize for hacking the two platforms, and another shot at the Mac OS, to "see which one goes first", said Dragos Ruiu, the principal organiser of CanSecWest.
Last year, security researcher Dino Dai Zovi spent a sleepless night hacking his Mac in order to take the prize at the show's first PWN to OWN contest. Dai Zovi found a QuickTime bug that allowed him to run unauthorised software on the Mac once the computer's browser was directed to a specially crafted web page.
Dai Zovi split the contest prize with a friend at the show, Shane Macaulay, who helped him pull off his attack. Macaulay got to keep the Macbook Pro, while Dai Zovi pocketed the $10,000 put up by 3Com's TippingPoint division in exchange for technical details on the bug.
It turned out that the QuickTime bug affected the Windows operating system too, but Ruiu said that Dai Zovi's hack helped change the way the industry thinks about the Mac OS, which has a reputation for being far more secure than Windows. "We were trying to point out that there was a security issue with Mac stuff here, and everybody was trying to play ostrich."
Ruiu and Dai Zovi say that last year's contest helped kick off a flurry of Mac-related security research, but according to TippingPoint Manager of Security Response Terri Forslof, it also illustrated a security industry truism: "Given enough time and motivation, everything can be broken," she said. "When TippingPoint agreed to purchase whatever vulnerability was used to win the contest for $10,000, it added an appropriate level of motivation. That's how it works."
Shortly after last year's contest, Gartner published a research paper warning that such challenges are "risky endeavours" that could put sensitive vulnerability information out in the public domain.
That hasn't stopped CanSecWest from pressing forward with this year's event.
Ruiu isn't certain that he'll run the three-way hacking contest this year. That's because he also has a grander, top-secret hacking contest idea that may or may not pan out, he said.
Either way, he promised "an interesting spectacle".
For more PC security news, reviews and tutorials, see Security Advisor