There were several $10,000 prizes at stake — as well as some free mobile phones — but at the end of the three-day Pwn2Own smartphone hacking contest at the big CamSecWest conference in Vancouver, British Columbia, which closed on Friday, none of the devices had been cracked.

The contest, sponsored by 3Com’s (COMS) TippingPoint computer security division, pitted some of the world's sharpest hackers and computer security experts against five smartphones: an Apple (AAPL) iPhone, a Research in Motion (RIMM) BlackBerry and phones running on Google’s (GOOG) Android, Microsoft’s (MSFT) Windows Mobile and Nokia’s (NOK) Symbian operating systems.

Although the rules were relaxed each day to make hacking easier, the phones managed to withstand the few attempts that were made to "pwn" them — Internet-gamer slang meaning to conquer or gain ownership.

The Web browsers were not so lucky. In a separate contest, now in its third year, the security barriers of Apple's Safari, Mozilla's Firefox and Microsoft's Internet Explorer were breached in the first day — Safari's in less than 10 seconds using an exploit prepared before the contest. The latest version of Microsoft's Web browser — IE8 — fell even before the browser's official release. Only Google's Chrome survived day one. See here.

It's not clear why the smartphones did so well and the browsers so badly. It may be that the devices are too new to have been studied closely. "There's a lot we don't know yet about them," Charlie Miller, the man who cracked Safari so quickly, told CNet's Elinor Mills (link). In fact, there were very few attempts made. Tipping Point's twitter feed mentioned only two: one against a BlackBerry and another against a Nokia phone running Symbian.

But there's no question that smartphones are vulnerable to attack. SearchSecurity.com reports that during one conference presentation a team from Core Security Technologies, a Boston-based penetration testing company, demonstrated how to crack into the iPhone, Google Android and Windows Mobile devices using something called a simulated stack overflow vulnerability.

According to Alfredo Ortega, one of the Core researchers, the iPhone had the most security features, making it the most difficult to crack. Windows Mobile, he said, was the easiest to defeat. (link)

When it’s not running contests, TippingPoint operates its ZeroDay Initiative, in which it pays computer security specialists — also known as “white hat hackers” — a bounty for previously undiscovered vulnerabilities in return for a promise not to exploit them.

TippingPoint, in turn, notifies the vendor and simultaneously develops a patch that it offers to its security clients. Once the vendor has developed its own patch, TippingPoint and the vendor coordinate public disclosure. The researcher can either be given credit for the discovery or, if he or she prefers, remain anonymous.

See also: White hat hackers target the iPhone

Below the fold: the rules of the contest as posted on the CamSecWest website here.

More

UPDATE: Microsoft's own tests find IE8 faster than Firefox. See links to pdfs here. Independent reports treat the company's tests somewhat skeptically. See here and here.

- – -

I have not tested Internet Explorer 8 — the new version of Microsoft's (MSFT) industry-leading Web browser, which was released here on Thursday. And since Microsoft has made it clear that it has no intention of writing a version for the Apple (AAPL) Macintosh, I may never use it.

However, I've gone through the promotional videos and read some of the early reviews, starting with Walt Mossberg's in the Wall St. Journal, and I gather it's a significant advance over IE7 with some fine new features and none of the obvious flaws Vista had coming out of the box. But it has a fundamental problem. As Walt puts it in the last graph of his laudatory review, damning IE8 with faint praise:

"If it were faster, I would say it was the best browser currently available for Windows." (link)

Microsoft's new browser, according to Mossberg (who is backed up by independent tests  — see here and here), is slower than Firefox, Google’s (GOOG) Chrome, and even the Windows version of Apple’s Safari 4. Which makes me wonder whether IE8 might do for Microsoft's dominant position in the Web browser market what Vista did for Microsoft's monopoly position on the PC desktop.

What am I talking about? Let's go to the pie charts below the fold.

More

On March 18, along with the latest version of iTunes and QuickTime, Apple slipped a copy of Safari 3.1 into the Software Update it sent to millions of Windows users — even though strictly speaking the first non-beta version of Safari for Windows was a new program and not an "update."

Critics, among them longtime Apple supporters, excoriated the company for what was widely viewed as an uncharacteristic sleight of hand. They called it "disgraceful," "malware" and a violation of the "trust relationship great companies have with their customers." (See for example here)

What they didn't call it was effective. But data released on Thursday by Net Applications show that the brief experiment worked rather well. During the month that it lasted, the percentage of Safari for Windows users among Net Applications' clients, which had never climbed above .07%, grew three-fold, to .21%.

It might also have helped that the program was getting good reviews, although it's not clear how many Microsoft (MSFT) Windows users would ever have tried Apple's (AAPL) Web browser if it hadn't been shoved in their face.

On April 18, Apple revised its Software Update protocol. New programs are now clearly marked as such and the box to accept them is unchecked by default.