Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 4 MINUTES AGO.
You are here: Home / Data Security / Hacking Chrome Is Worth $20,000
Hacking Google's Chrome Browser Is Worth $20,000
Hacking Google's Chrome Browser Is Worth $20,000
By Barry Levine / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
03
2011
Hacking Google's Chrome browser can pay, and Google is eager to foot the bill. As part of an annual hacking contest, the company is offering a special reward of $20,000 and a Google Chrome Cr-48 notebook for a successful break-in.

The rules are straightforward. The hack will have to be accomplished on a Chrome web browser on the most recent, 64-bit version of Windows 7 or Mac OS X. A "sandbox escape," which will combine the Chrome flaw with another one to affect the computer's system, must be included. According to the rules, the contestant must "pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code." Plug-ins, other than PDF, cannot be used.

$125,00 in Cash Prizes

The PWN2OWN contest will run from March 9 to 11 and will be featured in the CanSecWest Applied Security conference in Vancouver. The full Google prize is only available on the first day of the conference, and each contestant will have 30 minutes. If the hack takes place on later days, the price is $10,000 from the contest sponsor for a non-Google code sandbox escape, and $10,000 from Google for a Chrome-specific bug.

There are also challenges at the conference to hack Apple's Safari, Microsoft's Internet Explorer, or Mozilla Firefox browsers, also running on either 64-bit Windows 7 or Mac OS X. The PWN2OWN contest is organized by The HP TippingPoint Zero Day Initiative, a program for "rewarding security researchers for responsibly disclosing vulnerabilities."

The Zero Day Initiative purchases all the winning vulnerabilities, hands them over to the vendors affected, and publicly discloses the information.

PWN2OWN is now entering its fifth year, and there are cash prizes and bounties in the non-Chrome competitions. Successful IE, Safari or Firefox hacks are rewarded with a $15,000 prize plus a laptop and ZDI reward points for additional bonuses.

In all, there are $125,000 in cash prizes, an increase of $25,000 over last year. HP TippingPoint is funding $105,000, and Google the rest. Laptop prizes include a Sony VAIO, an Alienware m11x, and an Apple MacBook Air 13-inch, in addition to the Google Cr-48.

Mobile-Phone Competition

ZDI is managed by HP TippingPoint, whose Digital Vaccine (DV) Labs is an Austin, Texas-based research organization for vulnerability analysis and discovery. DV Labs develops filters for vulnerabilities validated by ZDI. CanSecWest is an annual conference that focuses on applied digital security.

But browsers aren't getting all the fun. The contest also includes mobile phones, with attempted attacks conducted via a base station on site.

For the mobile-phone section of PWN2OWN, four target devices have been chosen -- the Dell Venue running Windows 7, the iPhone 4 with iOS, the BlackBerry Torch 9800 using BlackBerry 6 OS, and the Android-based Nexus S.

The rules state the hack must "require little or no user interaction and must compromise useful data from the phone." Attacks that could incur authorized cost, such as silently calling long-distance numbers, are acceptable.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN DATA SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.
--- 441