exploited
Latest
Google teases hackers with $2 million in prizes, announces Pwnium 2 exploit competition
The folks in Mountain View are starting to make a habit of getting hacked -- intentionally, that is. Earlier this year, Google hosted an event at the CanSecWest security conference called Pwnium, a competition that challenged aspiring hackers to poke holes in its Chrome browser. El Goog apparently learned so much from the event that it's doing it again -- hosting Pwnium 2 at the Hack in the Box 10th anniversary conference in Malaysia and offering up to $2 million in rewards. Bugging out the browser by exploiting its own code wins the largest award, a cool $60,000. Enlisting the help of a WebKit or Windows kernel bug makes you eligible for a $50,000 reward, and non-Chrome exploits that rely on a bug in Flash or a driver are worth $40,000. Not confident you can break Chrome? Don't let that stop you -- Google plans to reward incomplete exploits as well, noting that it has plenty to learn from unreliable or incomplete attacks. Check out the Chromium Blog at the source link below for the full details.
Google's paying $20,000 to hack Chrome -- any takers?
So far, Chrome is the only browser of the big four -- Safari, Firefox, and Internet Explorer being the other three -- to escape the Pwn2Own hacking competition unscathed the past two years. (Sorry Opera aficionados, looks like there's not enough of you to merit a place in the contest... yet.) Evidently, its past success has Google confident enough to pony up a cool $20,000 and a CR-48 laptop to anyone able to find a bug in its code and execute a clean sandbox escape on day one of Pwn2Own 2011. Should that prove too daunting a task, contest organizer TippingPoint will match El Goog's $10,000 prize (still $20,000 total) for anyone who can exploit Chrome and exit the sandbox through non-Google code on days two and three of the event. For those interested in competing, Pwn2Own takes place March 9th through 11th in Vancouver at the CanSecWest conference. The gauntlet has been thrown -- your move, hackers.
iPhone SMS database hacked in 20 seconds, news at 11
It's a story tailor-made for the fear-mongering subset of news media. This week, a pair of gentlemen lured an unsuspecting virgin iPhone to a malicious website and -- with no other input from the user -- stole the phone's entire database of sent, received and even deleted text messages in under 20 seconds, boasting that they could easily lift personal contacts, emails and your naughty, naughty photos as well. Thankfully for us level-headed souls, those gentlemen were Vincenzo Iozzo and Ralf-Philipp Weinmann, security researchers performing for the 2010 Pwn2Own hacking contest, and their $15,000 first prize ensures that the winning formula will go to Apple (and only Apple) for further study. Last year, smartphones emerged from Pwn2Own unscathed even as their desktop counterparts took a beating, but this makes the third year in a row that Safari's gotten its host machines pwned. That said, there's no need for fear -- just a healthy reminder that the Apple logo doesn't give you free license to click links in those oh-so-tempting "beta-test the new iPad!" emails.
