"PWN 2 OWN" is a hacking competition that was established last year (2007) at the CanSecWest Computer Security Conference, held in Vancouver, British Columbia (Canada) and is sponsored by TippingPoint's Digital Vaccine Laboratories' Zero Day Initiative.

In the competition, hackers attempt to find and exploit security holes in common consumer software, and the first person/team to successfully exploit a previously unknown security hole (0day vulnerability) wins the competition, and as a prize gets the computer whose security they compromised and a $10,000 Cash prize.

Last year, the competition targeted a single system. This year, competitors could choose to attack one of three systems: A laptop running a fully patched Windows Vista, a laptop running a fully patched Ubuntu Linux, or a fully patched Macbook Air.

The first day had the restriction that only network-level attacks could be performed. The first day of the competition went by without much success.  The second day began with the announcement that attacks on the application layer would be allowed only if the applications attacked were already in the system.

This year, PWN 2 OWN ended 2 minutes after the start of the second day of the competition, when Charlie Miller, famous for an iPhone hack, exploited a 0day vulnerability in Safari running in Mac OS.

To prevent end-users from becoming victims to this vulnerability, Miller signed a Non-Disclosure Agreement, while the vulnerability was reported to Apple according to TippingPoint's Responsible Disclosure policy. 

See Yahoo News Article and the DVLabs Blog for more information...

While this competition shows that monetary gain can be used to improve computing security, the main point that can be gathered from this competition is that security threats are moving from the network level (protocols, such as SMB, as used in Windows File Sharing) to the application level (exploiting vulnerabilities in programs running in a system, Safari in this case), and makes the traditional attack, which a well-configured firewall and Intrusion Detection System can thwart can mitigate or even prevent, irrelevant (network-based attacks were attempted for 24 hours without success and an application-based attack succeeded within two minutes).