Since its inception in 2007, the Pwn2Own computer hacking contest has been challenging the vulnerability of mobile phones and web-related software. In 2010, the fruit of two full days of hacking came down to the exploitation of the following web browsers: Safari 4 on Mac OS X, Internet Explorer 8 on Windows 7, and Firefox 3.6 on Windows 7. The winners walked away with the successfully hacked computer, plus a cash prize, but they left one Godly browser intact: Google Chrome. Even the savviest of web nerds shied away, despite the the hefty $10,000 prize offered to crack Chrome's sandbox. Nobody even tried.
All heil Google.
This year Google is feeling extra cocky. They've upped the ante, offering a large cash prize of $20,000 to anybody who can hack a Windows 7 machine in the Chrome web browser by "popping the browser and escaping the sandbox using vulnerabilities purely present in Google-written code." Chrome is the only one of the four browsers that uses a "sandbox", a security mechanism for separating running programs, in order to prevent malware from escaping and contaminating the computer.
Google's generous offer is likely an indication of their confidence that Chrome can't be hacked, and they may be right. Even through Chrome has been a target at Pwn2Own for the past two years, not one contestant has successfully exploited the browser. Google fairly states:
"We think the Chrome browser has a strong security architecture, and Chrome has fared well in past years at Pwn2Own. But we know that web browsers from all vendors are very large pieces of software that invariably do have some bugs and complex external dependencies. That's why the Chromium Security Reward program exists, along with our newer web application reward program. As a team comprised largely of security researchers, we think it's important to reward the security community for their work which helps us learn. Naturally, we'll learn the most from real examples of Chrome exploits."
Chrome OS, however, isn't on the table. Since it's still in "beta", Google appears to lack the confidence it could stand up to hackers.
The contest will be taking place on the 9th, 10th, and 11th of March, 2011 in Vancouver, BC during the CanSecWest conference. Pre-registration for the event has closed, but on-site registration is still available if the targets have not yet been compromised.
Photos by Driven by Technology and Tech Spot.
SOURCE Chromium Blog VIA zdnet.
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
3 Comments
Seems as if no one's getting 20K... there was only two hackers and one never shower and the other dropped out. Why isn't anyone interested in 20K? I don't get it.
because the hack is not worth 20k
one of my friend hacked crhome about a month ago he said he will get more than 1million by seeling the information than getting a 20 k so yeah not worth it.
Share Your Thoughts