Two former winners will line up later today at the Pwn2Own hacking contest to take another crack at thousands of dollars in prizes for exploiting fully-patched browsers.

Charlie Miller, who has taken home cash two years running , and a German hacker known only by his first name of "Nils," are scheduled to try their hands today at breaking into notebooks equipped with Safari and Firefox.

In a videotaped drawing last week to select the order that participants will try their luck, Miller, an analyst at Baltimore-based Independent Security Evaluators, grabbed the No. 2 spot. Miller will attempt to hack into a MacBook Pro notebook running Mac OS X 10.6, aka Snow Leopard, equipped with the latest version of Safari. Nils, a computer science student from Germany, drew the No. 3 and No. 9 spots, and will try to also bust into the Mac if Miller falters. Later in the contest, he's slated to attack Mozilla's Firefox 3.6.2 on a PC running Windows 7.

At last year's Pwn2Own, which is in its fourth year at the CanSecWest security conference in Vancouver, British Columbia, Nils walked off with $15,000 after successfully exploiting Microsoft's Internet Explorer 8 (IE8), Firefox and Safari. Miller took home $5,000.

The rules for this year's contest are slightly different. In 2009, 3Com TippingPoint, the security company that sponsors Pwn2Own, paid $5,000 for each unknown browser vulnerability exploited, with no limit on the number each hacker could use or how many times one browser could be breached. Today, TippingPoint will pay out $10,000 for each of the four browser challenges, with a limit of four winning vulnerabilities and a total of $40,000 in possible prizes.

Pwn2Own newcomer Peter Vreugdenhil will attempt to exploit IE8 on Windows 7 today. Vreugdenhil, a freelance vulnerability researcher from the Netherlands, apparently has an exploit able to bypass Windows 7's DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) security mechanisms, according to both the contest organizer and Vreugdenhil. "Let's hope ASLR in Vancouver works the same as in NL," Vreugdenhil teased via Twitter last week after the placement drawing. Vreugdenhil will go fourth in the contest.

Earlier, Aaron Portnoy, security research team lead with TippingPoint and Pwn2Own's organizer, said that a long-time contributor to the company's bug bounty program, who he didn't name at the time, would be armed with an IE8 exploit he called "impressive ... from a technical standpoint."

Miller was suitably impressed. On his own Twitter feed last week, he said, "If he pwns ie8 on win 7 w/o jit spray, he'll deserve [single name status]," Miller wrote, referring to a type of heap spraying attack that has been used to bypass DEP and ASLR. JIT spraying, however, requires Flash, which won't be available on the first day of Pwn2Own.

Winners in the browser track also receive the machine they exploited. This year's systems include a MacBook Pro 15-in. notebook, a Hewlett-Packard Envy Beats 15-in., a Sony Vaio 13-in. and an Alienware M11x 11-in.