Story at Matasano. "About an hour ago, security researcher Shane Macaulay leveraged a clientside exploit to bind a remotely-accessible shell on the fully-patched MacBook used by the PWN 2 0WN contest at CanSecWest. The vulnerability and exploit were developed last night by Dino Dai Zovi, in the wake of an announcement by 3Com establishing a $10,000 bounty on successful exploitation of one of the contest MacBooks. Said Dino: I think I may have set the land-speed record. Shane keeps the laptop, Dino keeps the reward. Details about the specifics of the vulnerability to follow at a later date."