TechSpot

Fully patched versions of Firefox, Chrome, IE 11 and Safari exploited at Pwn2Own hacking competition

By Shawn Knight
Mar 20, 2015
  1. Tags: pwn2own, firefox, chrome, safari, research, zero day, cansecwest, security researchers, hackers, hack, hacks, hewlett-packard, zero day initiative

    As in years past, the latest patched versions of the most popular web browsers around stood little chance against those competing in the annual Pwn2Own hacking competition. The usual suspects – Apple Safari, Google Chrome, Mozilla Firefox and Microsoft Internet Explorer – all went down during the two-day competition, earning researchers a collective total of $557,500 in prize money.

    The event, which took place at the CanSecWest conference in Vancouver, was sponsored by the Hewlett-Packard Zero Day Initiative. During the first day, HP awarded $317,500 to researchers who exploited flaws in Adobe Flash, Adobe Reader, Internet Explorer and Firefox.

    eWeek notes that the first reward, paid to a hacker by the name of ilxu1a, was for an out-of-bounds memory vulnerability in Firefox. The exploit took less than a second to execute and earned him a cool $15,000.

    Firefox was exploited twice during the event. Daniel Veditz, principal security engineer at Mozilla, said the foundation was on hand during the event to get the bug details from HP. Engineers are already working on a fix back at home, he added, that could be ready as early as today.

    Another security researcher, JungHoon Lee, managed to demonstrate exploits against Chrome, IE 11 and Safari. As you can imagine, he walked away with quite a bit of money: $75,000 for the Chrome bug, $65,000 for IE and $50,000 for the Safari vulnerability. He also received two bonuses totaling $35,000.


     
  2. VitalyT

    VitalyT Russ-Puss Posts: 3,154   +1,429

    This is one truly great event in the industry, thumbs up, so useful to everyone, except to the hackers who didn't participate.

    I wish I could say it was 100% pure, without any shady agenda, but I would be lying, since hackers expose themselves, they all get into CIA and FBI books for good.
     
  3. Damn, I should get into this.
     
  4. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,505   +2,055

    Why find a real job? That's too much like hard work. This is a great way to make a living, and it's legal too.
     
  5. wastedkill

    wastedkill TS Evangelist Posts: 1,392   +329

    JungHoon Lee walked in with nothing and came out with a quarter of a million bucks!!!!
     
  6. ikesmasher

    ikesmasher TS Evangelist Posts: 2,557   +862

    It's a perfectly real job, and very respectable too.
     
  7. Skidmarksdeluxe

    Skidmarksdeluxe TS Evangelist Posts: 6,505   +2,055

    I was being sarcastic for a change ;) but I have to agree, if you have the talent why not get paid for it, it is legit after all. Not everybody has the skills to do something like this and it's because of them our browsers are safer. :D
     
  8. Jad Chaar

    Jad Chaar TS Evangelist Posts: 6,477   +965

    $225,000 for hacking and finding vulnerabilities?! That is insane! I bet 90% of that money went to Flash exploits :D. Imagine if Java was there :p--they would be giving away billions lmao.
     
  9. OortCloud

    OortCloud TS Booster Posts: 119   +31

    I'm not a hacker myself, but I imagine these are some pretty technical people who are putting an awful lot of effort into this - so (black) hats off to them for earning some money and highlighting issues which can then be fixed before somebody less legitimate finds them.
     
  10. This is like saying become a rockstar instead of getting a real job. It isn't easy to become the best.
     
