Google ups ante for Chrome hack at revamped Pwn2Own
HP's revised hacking contest to offer $60K top prize, debut on-site exploit writing
Computerworld - HP TippingPoint, the long-time sponsor of the annual Pwn2Own hacking contest, has dramatically revamped the challenge and will be awarding a first prize of $60,000 this year, four times 2011's top reward.
Google will also significantly increase the money it potentially will pay to people able to hack its Chrome browser at the contest.
Pwn2Own will take place over a three-day stretch in early March at the Vancouver, British Columbia-based CanSecWest security conference.
Four desktop browsers -- the most up-to-date editions of Chrome, Apple's Safari, Microsoft's Internet Explorer and Mozilla's Firefox -- will feature as this year's targets, said Aaron Portnoy, the leader of HP TippingPoint's security research team and the organizer of Pwn2Own.
Rather than take a target off the table after a researcher successfully exploits it -- as has been done at past Pwn2Owns -- this year the contest will use a point schedule that lets everyone try their hand.
More importantly, researchers will be challenged to devise exploits on the spot.
"The first morning of the contest we'll announce two vulnerabilities per target that have been patched and give [researchers] a basic proof-of-concept," said Portnoy. "Until now, Pwn2Own has never been much of spectator sport."
The on-site exploit writing should change that, as researchers or teams of researchers will be awarded 10 points per hack on the first day, nine points on the second and eight points on the third.
While those scores will be much less than the 32 points awarded for each new browser "zero-day" -- or previously unpatched -- vulnerability revealed and exploited at Pwn2Own, they make it possible, said Portnoy, for someone to win the big money by adding one or more on-site exploits to the zero-day(s) they bring with them.
The on-site exploits will take aim at older versions of the four browsers that were available during 2011. Microsoft's Internet Explorer 8 (IE8) will likely be one of the targets. for instance.
The top-scoring researcher or team will take home $60,000, triple the maximum Pwn2Own has given in the past. The second-place prize will be $30,000, and third place will collect $15,000.
Last year, the biggest cash prize was $15,000, which went to the first researcher able to hack one of the desktop or mobile browsers put in the spotlight.
Among the other changes, said Portnoy, is the elimination of the random drawing that decided the order in which researchers took on targets.
"That really wasn't fair to competitors," said Portnoy, noting that the first in line had a decided advantage because once exploited, a browser was removed from the contest.
"We won't have any winners until end the end of the third day," Portnoy added.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts