At this year's CanSecWest 2007 conference in Vancouver, BC, a "PWN to OWN" contest will pit security researchers against a MacBook Pro in an experiment to see how well a default Mac OS X install can survive hacker scrutiny.
The contest is the brainchild of CanSecWest organizer Dragos Ruiu, who was motivated in part by Apple's general anti-disclosure stance and the Mac commercials that trivialize security to the masses with humor.
"So, let's see how well a default OSX install really does in a room full of security researchers. How long can a default OSX install survive? How much Apple 0day is really floating out there undisclosed?" Ruiu said in an e-mail announcing the contest.
He describes the contest as a "practical experiment" that makes "a political point."
Ruiu plans to set up two loaded MacBook Pro machines on their own access point with default installs and with the latest security updates applied. "[Hackers] will be able to walk up to it and connect to the AP ethernet or go in over WiFi. If you exploit it, you get to go home with it," Ruiu said.
The contest is limited to one per person (the same vulnerability can't be used twice) and will have certain victory conditions -- SSH connection out of the machine and contents of a file on the hard drive.
"It will be interesting to see exactly how long they last in the 'jungle' as it were. If they last the three days, they become the prizes for best lightning talk and best speaker as selected by the audience," Ruiu said of his "quantitative experiment on the real security of OSX."
CanSecWest is one of the main stops on the annual security conference calendar. It runs from April 18-20, 2007. Scheduled speakers this year include Microsoft's Mark Russinovich, Mozilla's Window Snyder, Symantec's Jim Hoagland, HD Moore of BreakingPoint Systems and Ron Gula from Tenable.