pwnium
Latest
Google now rewards Chrome bug hunters all year round
One way to reduce the number of bugs or exploits in your software is to throw it open to some of the best and most devious minds in the industry and ask them to pull it apart. That's what Google has done with its annual Pwnium conference, where it's rewarded researchers with millions of dollars in Chrome-based security bounties. However, the search giant has decided now is the time to do things a little differently. As of this week, the Pwnium competition is shifting from an annual affair to a "year round, worldwide opportunity for security researchers."
Google's ready to give away over $2.7 million to folks that hack Chrome OS successfully
But not if you hack from the comfort of your own home. Instead, you'll have to travel to the CanSecWest security conference in Vancouver this March to showcase your skills at Google's Pwnium 4 competition. For those who aren't familiar, Google's been holding these Pwnium contests for years as a means to crowdsource the finding of security bugs in both the Chrome browser and Chrome OS. This year, like last year, Google's offering $110,000 for each "browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page," and $150k to anyone who can "compromise with device persistence: guest to guest with interim reboot, delivered via a web page." We don't understand exactly what that means, but we feel certain that with so many dollars at stake, there will be no shortage of interested parties who do. Plus, there are "significant" bonuses available for "particulary impressive or surprising" exploits -- so feel free to get creative, folks. Would-be winners should also know that the offers are good for hacks performed on the ARM-based HP Chromebook 11 or the Intel-packing Acer C720, and you've gotta register by 5PM Pacific Time on March 10th to compete. No time like the present, y'all.
Chrome OS fends off all hacks at Pwnium 3, others fall at Pwn2Own
Google's Pwnium challenge followed a familiar pattern in its first two years, with white hat hackers invariably finding a Chrome vulnerability and prompting a round of patches that ultimately made the software stronger. For the Chrome OS-focused Pwnium 3, there's been a slight hiccup: there were no hacks to patch. Despite Google offering a total of $3.14159 million in bounties, entrants couldn't demonstrate a working exploit on the Series 5 550 target machine. That may be a testament to Google's steady security improvements, but it doesn't help discover what holes are left. We'd add that few were left unscathed at the Pwn2Own competition running in tandem -- the regular Chrome browser, Firefox and Internet Explorer all came tumbling down, and Safari may have escaped only because contestants didn't register in advance. Even so, the Chrome OS results may have Chromebook Pixel owners feeling better about their purchases.
Google details Pwnium 3, targets Chrome OS
Google's Chrome security team has taken the wraps off its latest Pwnium competition. This time out, the target is Chrome OS on a Samsung Series 5 550, and as ever, the company's putting its money (and nerd cred) where its mouth is, offering up a $Pi million in rewards (that's a lofty $3.14159 million) for the third round of the competition. Amongst the payouts are $110,000 for a "browser or system level compromise in guest mode or as a logged-in user, delivered via a web page" and $150,000 for a "compromise with device persistence -- guest to guest with interim reboot, delivered via a web page." The company is also putting some weight behind the upcoming Pwn2Own competition, which goes down at CanSecWest in Vancouver in March. More info on both can be found at the source link below.
Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition
The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.
