Chrome hacked at Pwnium, "Pinkie Pie" does it again

By on October 11, 2012, 5:30 PM

For the second time this year, hacker "Pinkie Pie" gave Google a run for its money -- and won. The clever hacker exploited yet another vulnerability in Chrome during the second Pwnium conference this year, netting himself (or perhaps herself) a cool $60,000 cash award. 

Pwn2Own, a contest which pits hackers against a variety of systems and software, served as the inspiration for Google's Pwnium contest. Google was once a huge Pwn2Own sponsor, but rule changes and a divergence of interests led to the company to offer its own event instead, birthing their very own challenge: Pwnium.

Google uses Pwnium exclusively to discover new Chrome vulnerabilities and very promptly releases patches once the exploits are revealed. In fact, Google patched Pinkie Pie's vector of attack just 10 hours after it was unearthed.

Earlier this year, Pinkie Pie and fellow cohort Sergey Glazunov received a $60,000 prize for finding a way to escape Chrome's much-touted sandbox feature. A "sandbox" serves as a barrier against would-be hackers, preventing nefarious individuals from making changes beyond the confines of the software itself. 

"Pinkie Pie" is a pseudonym, of course, and yes -- its origin can be traced to the wildly popular children's show My Little Pony. The hacker's real name remains a public mystery, purportedly due to a potential conflict with his employer.

Google offers three types of awards: $60,000 for each "full exploit", $40,000 per "partial exploit" and $20,000 as "Consolation award" -- the consolation prize is for hacks not specific to Chrome. This year's total prize pool was $2,000,000.




User Comments: 8

Got something to say? Post a comment
psycros psycros said:

Sharing is caring...even with exploits, it seems!

psycros psycros said:

Sharing is caring...even with exploits, it seems!

It also occurs to me that if this person keeps winning they could probably spell it <I>Ponyum.</I>

Camikazi said:

Sharing is caring...even with exploits, it seems!

It also occurs to me that if this person keeps winning they could probably spell it <I>Ponyum.</I>

Bronium!

ramonsterns said:

Sharing is caring...even with exploits, it seems!

It also occurs to me that if this person keeps winning they could probably spell it <I>Ponyum.</I>

I will commit Sudoku.

Xclusiveitalian Xclusiveitalian said:

I really like this route, chrome becomes safer, and a clever hacker gets paid for his talent. All is good.

ikesmasher said:

And pinkie pie will be back next year for more money.

9Nails, TechSpot Paladin, said:

If I used the handle "Pinkie Pie", I'd hide my real name/true identity as well! LOL! What was he thinking when there are endless characters on TV that you could assume for a virtual identity?

Umm, Mr. Pinkie, grats on your hack! I still find that level of software engineering to be sorcery and magic. And to find a way to break Google's software is a crowning achievement.

TJGeezer said:

9Nails doth protest too much. Is "9nails" Pinkie Pie's other secret identity? TV teaches us always to suspect those who point away towards others. This cries out for further investigation.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.