Just to clarify for everybody, the crossover cable negates the functionality of ipfw because the target computer is accessing the internet via the wireless connection of the attacker's computer.
This is wrong.
The rules of the contest forbid use of wireless. Contest entries that rely on wireless vulnerabilities will only be conducted at a remote undisclosed location.
The contest organizers have gone to some lengths to avoid the possibility of eavesdroppers collecting the attack data and analyzing it to reveal how the attack is conducted, thus revealing essential clues to the vulnerability. Frankly, this seems to me to be the reason for using a crossover cable: it can't be eavesdropped on. Even routers, switches, or hubs could conceivably be compromised, so the simplest solution, a straight wire (aka crossover cable), is used in place of anything else.
The crossover cable is used primarily to connect the attacker to the target with no intervening attack or leakage points. This also means the attacker acts as the target's gateway to the internet (again, read the rules and look for "gateway"). This means that the attacker has the ability to mount a man-in-the-middle attack, if they wish. However, the judges will not click links, nor perform any other action other than running requested programs and performing specific actions (read the rules).
The target computer is exposed to the attacking computer. Essentially the target computer's traffic is being passed through the attacker's computer.
Those statements are true. Obvious, given the contest rules, but true.
I believe to make this type of network connection in OSX that the system detects the type of connection and bridges the security features to make it work assuming that this type of connection is the want of the user.
That sounds like nonsense to me. The target computer (Mac or otherwise) has no special knowledge of the crossover cable, except at the hardware level. This makes sense, because other than switching which wires to send or receive on, the crossover cable makes no difference: bits on the wire are still just bits on the wire.
If the target knows about the internet, it's because the attacker's computer is acting as the internet gateway for the target. In other words, the attacker is acting as DHCP server, or router, subnet gateway, or whatever the configured internet connection is. There is nothing in OS X (or any other OS) that can possibly know or detect whether its DHCP server or router is a compromised attacker acting as a man-in-the-middle, unless the attacking software contains a mistake and reveals this in some way.
This is why PWN2OWN is not real-world relevant in relation to any OS, but even less relevant to systems running ipfw, such as Mac OSX, Linux, and BSD.
I was totally wrong in my explanation about the relationship between ipfw and crossover cable in previous posts, but the essential elements of what I was saying are true.
What are the essential elements you think are true?
I'm assuming you know Mac OS X hasn't had ipfw active by default for quite some time. Assuming it will be active for the contest is a leap of faith on your part.
It's unclear to me from the contest rules whether ipfw will be enabled or not, and if enabled, how it might be configured. I say this because despite being inactive by default in recent OS releases, there are third-party products that manage ipfw rules in a simplified way, and it would not be unreasonable for the defender to use one of those products.
In any case, ipfw has no special defenses against mitm attacks, so it's unclear what you expect it to defend against.