Pwn2Own hacking contest puts record $560K on the line
Google back as co-sponsor after organizer changes rules
Computerworld - HP TippingPoint, the long-time organizer of the annual Pwn2Own hacking contest, has revamped the challenge for the second year running and will offer cash awards exceeding half a million dollars, more than five times the amount paid out last year, the company said yesterday.
The 2013 edition of the contest will offer $560,000 in potential prize money to hackers who demonstrate exploits of previously-unknown vulnerabilities in Chrome, Firefox, Internet Explorer (IE) or Safari, or the Adobe Reader, Adobe Flash or Oracle Java browser plug-ins.
Prizes will be awarded on a sliding schedule, with $100,000 for the first to hack Chrome on Windows 7 or IE10 on Windows 8. From there, payments will fall to $75,000 for IE9 and slide through a number of targets before ending at $20,000 for Java. Prizes will also be given for exploiting Adobe Flash and Adobe Reader ($70,000 each), Safari ($65,000) and Firefox ($60,000).
About the Java award, Kostya Kortchinsky, a researcher who now works for Microsoft, quickly tweeted, "ZDI giving out $20k for free," referring to the Oracle software's recent vulnerabilities.
Pwn2Own will run March 6-8 at the CanSecWest security conference in Vancouver, British Columbia.
According to Brian Gorenc, a researcher with TippingPoint's DVLabs, HP will sponsor this year's Pwn2Own in conjunction with Google. Last year, Google was initially a co-sponsor, but withdrew over disagreements with TippingPoint about that year's rules.
Google then ran its own hacking contest, dubbed Pwnium, at CanSecWest, where it handed out $120,000 to two researchers for exploiting Chrome.
This year's contest is another revamp of the process and rules, the second in two years. The 2012 challenge used a complicated point system that awarded prizes to the researcher or team of researchers who exploited the most targets during a three-day stretch. It also challenged hackers to devise exploits on the spot.
With 2013's Pwn2Own, TippingPoint has essentially dumped last year's model and returned to earlier contest rules: Researchers will draw their order of appearance before the contest begins, each will have 30 minutes to try his or her luck, and the first to exploit a given target wins the prize.
Another change from last year is that researchers must provide TippingPoint with a fully-functional exploit and all the details of the vulnerability used in the attack. That's different from last year, when Google backed out because Pwn2Own did not require hackers to divulge full exploits, or all of the bugs used, so that vendors, including Google, could then fix the flaws.
The rule changes and the large infusion of cash hint that Google returned to Pwn2Own sponsorship only after it convinced TippingPoint to revise the exploit disclosure policy. Yesterday, Google declined to comment on whether it would again run a Pwnium contest at CanSecWest, but did confirm it will host its Chrome-specific challenge at some point in 2013.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Three Best Practices to Help Government Agencies Overcome BYOD Challenges This paper highlightschallenges facing government IT in a BYOD environment and discusses strategies for network preparation, ongoing support, and securing information to enable...
- Review: Box beats Dropbox - and all the rest - for business Box trumps Dropbox, Engyte, Citrix ShareFile, EMC Syncplicity, and OwnCloud with rich mix of file sync, file sharing, user management, deep reporting and...
- Analyst Report-Mixed All Flash Arrays Delivers Safer Higher Performance What is the impact of an all-flash array with enterprise features and reliability on the mainstream data center? In the mainstream environment, storage...
- Four Myths of High-Productivity App Dev Debunked Debunk the main myths surrounding high-productivity application development and how both platforms have overcome them.
On-Demand Webcast: 7 Reasons to Choose VoIP
Thinking about a new phone system for your business?
Be sure to watch this informative webcast. Steve Strauss, small business columnist for USA...
All Cybercrime and Hacking White Papers |