Google stakes Pwnium hacking contest to $3.14M in potential prizes
New cooperative approach with Pwn2Own has Google pitching researchers on hacking Chrome OS
Computerworld - Google today announced it would again host its Pwnium hacking contest at a March security conference, but boosted the maximum amount it will pay to $3.14 million and changed the target to its browser-based operating system, Chrome OS.
Dubbed Pwnium 3, the challenge will pit researchers against its still-struggling-for-relevance Chrome OS, rewarding those who can hack the operating system with individual prizes of $110,000 and $150,000.
Google capped the total up for grabs at $3.14159 million, giving multiple researchers a chance at prize money. The "3.14159" comes from the first six digits of the value of Pi.
Each hacker able to compromise Chrome OS or the browser that is its foundation -- Chrome -- from an exploit-serving website will receive $110,000 said Chris Evans, an engineer with the Chrome security team, in a Monday entry on the Chromium project's blog.
Researchers who manage to accomplish what Evans called a "compromise with device persistence," meaning that the hijack survives a reboot of the Chrome OS-powered notebook, will receive the larger award of $150,000.
"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," said Evans.
Pwnium 3 will take place March 7 at CanSecWest, the Vancouver, British Columbia, security conference where Google will also partner with HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program to host Pwn2Own. That contest, with $560,000 in total cash prizes, will focus on Web browsers, including Chrome, Microsoft's Internet Explorer (IE) and Mozilla's Firefox, as well as plug-ins from Adobe and Oracle.
The contest cooperation at CanSecWest will be quite different this year than in 2012, when Pwn2Own and Pwnium were rivals. Google inaugurated Pwnium then after it withdrew its financial support from Pwn2Own after it and HP couldn't agree on the rules -- specifically, whether researchers would be required to divulge full exploits and hand over all the vulnerabilities they used to hack a browser.
"This year, we've teamed up with ZDI by working together on the Pwn2Own rules and by underwriting a portion of the winnings for all targets," said Evans about the new understanding between Google and HP TippingPoint. "The new rules are designed to enable a contest that significantly improves Internet security for everyone. At the same time, the best researchers in the industry get to showcase their skills and take home some generous rewards."
Both Pwn2Own and Pwnium will require winners to provide functional exploit code and details on all the vulnerabilities put into play.
Pwnium 3's $3.14 million cap is more than three times the $1 million Google said it would pay if necessary in 2012, and more than 50% above the $2 million it staked at a second challenge that took place in Kuala Lumpur, Malaysia, last October.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Is Your Big Data Solution Production-Ready? Read "Is Your Big Data Solution Production-Ready?" now, and discover best practices and actionable steps to implementing a production-ready big data solution.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts