Pwn2Own 2011 coming March 9 with $125,000 prize pool

Matthew DeCarlo

TippingPoint has announced the fifth annual Pwn2Own competition, an event that challenges hackers to find security flaws in software such as web browsers. Pwn2Own 2011 will take place on March 9, 10 and 11 in Vancouver, BC, during the CanSecWest conference. The contest is backed by a $125,000 prize pool that will be distributed among participants who successfully exploit applications. TippingPoint will front $105,000 of the prize money, while the remaining cut comes courtesy of Google.

On day one, contestants will have a chance to win Google's $20,000 prize along with the CR-48 running ChromeOS by hacking the company's Chrome browser. Participants will have to escape the browser's sandbox using vulnerabilities solely within Google-written code. If that proves too challenging, the rules will be relaxed on the following days. Event organizer ZDI will offer $10,000 for escaping the sandbox using non-Google code and Google will grant $10,000 for finding a bug in Chrome.


Competitors who successfully exploit Internet Explorer, Safari or Firefox will bag a $15,000 cash prize as well as a laptop. Hackers will also get an opportunity to have their way with various mobile phone platforms including iOS on an iPhone 4, Windows Phone 7 on a Dell Venue Pro, BlackBerry 6 on a BlackBerry Torch 9800, and Android on a Nexus S. Successfully compromising any of those targets will secure the participant $15,000 in cash, the device itself, and 20,000 ZDI reward points.

It's worth mentioning that Chrome went unscathed during Pwn2Own 2010, while Safari, Internet Explorer 8 and Firefox were all compromised on the first day. Participants received $10,000 for exploiting browsers last year, so it should be interesting to see if Google's sponsored $20,000 cash prize leads to the exploitation of Chrome this year. That's quite the sum when compared to the company's usual $3,133.70 reward for discovering critical vulnerabilities in Chrome -- a bounty that is rarely claimed.

 
I think it's a great idea. It entices hackers to use their skills to help software developers instead of exploiting them for not so legal activities.


"Competitors who successfully exploit Internet Explorer" I hope it isn't every competitor. They might write a lot of checks.
 
That isn't the full sentence: "Competitors who successfully exploit Internet Explorer, Safari or Firefox will bag a $15,000 cash prize as well as a laptop."

Multiple competitors exploiting multiple browsers. I assume they won't cut a check for every person that finds a flaw in IE, just the first or it's not much of a competition.
 
True true. I'm surprised Opera isn't on the list though.
 
Yeah, it's a bummer Opera isn't included. There's a little info about that on Wikipedia:

"The Opera web browser was left out of the contests as a target: The ZDI team argues that Opera has a low market share and that Chrome and Safari are only included "due to their default presence on various mobile platforms". It's also been suggested that Opera is left out because many of the hackers themselves use Opera daily."

http://en.wikipedia.org/wiki/Pwn2Own#Criticism
 
I wonder if they will be looking only at the full release versions of Firefox and IE, or if they will also include Firefox 4 beta and IE9 beta.
 