Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest. The prize is the largest ever offered at the annual challenge, which begins for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.
At Pwn2Own this year, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft Internet Explorer, Mozilla Firefox, Apple Safari and Chrome.
The first researchers to hack IE, Firefox and Safari will receive $15,000 and the computer running the browser. The prizes are $5,000 higher than those awarded for exploiting browsers at the last Pwn2Own contest, and three times the 2009 prize.
“We’ve raised the bar this time and the total allocated to cash prizes rose to a whopping $125,000,” said Aaron Portnoy, director of the HP TippingPoint Security Research Team.
TippingPoint, which is once again sponsoring Pwn2Own, set out the rules of the contest on Wednesday in a blog post written by Portnoy.
New this year is the involvement of Google. The company is the first browser maker to put money into the prize kitty. “Praise to the Google Security Team for taking the initiative to approach us here,” says Portnoy.
The rules for Chrome are slightly different from those for the other browsers, since it is the only one of the four that uses a “sandbox” as a defense against attacks. A sandbox isolates processes from the rest of the system to prevent, or at least seriously hinder, malicious software from escaping the application in question – in this case, Chrome – and wreaking havoc on the computer.
To exploit a sandboxed program such as Chrome, researchers need not one but two vulnerabilities: one that allows attack code to escape the sandbox, and a second to exploit a flaw in Chrome itself.
Other software developers have followed in Chrome's footsteps as they try to make applications more secure. Last year, for example, Adobe added a sandbox – based in part on Google's work – to its popular Reader software.
To walk away with Google's $20,000 on the first day of Pwn2Own, a researcher must locate and exploit two vulnerabilities in code written by Google. Only on the second and third days of the competition can researchers use a non-Chrome bug, say one in Windows, to break out of the sandbox. A successful attack on the second or third day will still put $20,000 into the researcher's pocket, but only $10,000 of it will come from Google; TippingPoint will pony up the other $10,000.
Google's participation in Pwn2Own this year may be a sign of its confidence that Chrome cannot be hacked. Although Chrome has been one of the Pwn2Own browser targets since 2009, no researcher has exploited the browser and grabbed the money.
IE, Firefox and Safari have each fallen to attackers over the past two years, sometimes in an embarrassingly short time. In 2009, a researcher – a German computer science major who gave only his first name, Nils – hit the trifecta by exploiting all three browsers, taking home a total of $15,000, or $5,000 for each hack.
Charlie Miller, the only researcher who has won at Pwn2Own three years in a row, would not commit last week to trying again, but on Wednesday he took note of the $20,000 for Chrome.
“Pwn2Own now offers 20k to attack Chrome,” Miller said on Twitter. “It must be tough, glad Mac OS X does not have a sandbox in the browser.”
Miller is an authority on Mac hacking – he co-authored The Mac Hacker’s Handbook with Dino Dai Zovi, a 2007 Pwn2Own winner – and has exploited Safari in each of the last three years. As he pointed out, Safari is not sandboxed.
TippingPoint will also run a mobile hacking track at Pwn2Own next month, in which researchers will try to exploit smartphones running Apple iOS, Google Android, Microsoft Windows Phone 7 and RIM BlackBerry OS.
A successful smartphone attack will be awarded $15,000.