Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
Home CRM Systems Customer Service Business Intelligence Sales & Marketing More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Microsoft/Windows
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Web Browsers and Chromebook Fall in Hacker Contests
Web Browsers and Chromebook Fall in Hacker Contests

By Barry Levine
March 15, 2014 1:30PM

Bookmark and Share
The big takeaway from the Pwn2Own hacker contest was that even the most secure software can be compromised. In connection with the Pwn2Own competition, Google ran its own Pwnium contest, challenging hackers to find security holes in Chromebook computers, which it has always touted as being "built to be secure from the ground up."
 



None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also Vulnerable

A team from Google, which is co-sponsoring the contest, took down Safari and won $32,500. The contest organizer, Zero-Day Initiative, nabbed Explorer and brought home $50,000. The teams donated their winnings to the Red Cross in Canada.

While many teams successfully reached their targets, a white whale still swims out there in hackerland. A grand prize of $150,000 was offered but not won for a hack appropriately called the Exploit Unicorn. It requires system-level code execution on a Windows 8.1 x 64 machine, in Explorer 11 x 64 and with an Enhanced Mitigation Experience Toolkit bypass.

Google also held its own Pwnium security hackathon in Vancouver on Wednesday, awarding $2.7 million in prizes. The highlight of that competition was a successful exploit of the HP Chromebook 11, which netted a $150,000 prize for well-known researcher George Hotz. He also received $50,000 for one of the Firefox hacks in Pwn2Own.

The technology giant must have had mixed feelings though, since it has been promoting the security of Chromebooks as being "built to be secure from the ground up." In a post on the Google Chrome Developers blog, the company noted that, in the past two years of the Pwnium contest, it has invited hackers to target the Chromebook. And this week, they did just that -- successfully.
 

Tell Us What You Think
Comment:

Name:

Fran M:

Posted: 2014-03-18 @ 7:47am PT
Finally the reporters clarified the language to give the precise meaning to this work ------ researcher!!!! GREAT!!!

Ronen:

Posted: 2014-03-18 @ 12:48am PT
@R Khan - Well said!

R Khan:

Posted: 2014-03-18 @ 12:41am PT
@Jeff Nelson
The reason chrome has been singled out is because of their one liner... "built to be secure from the ground up."

So even if there are 20 exploits in 1 day for other browsers they won't get much attention as they are not saying they are "built to be secure from the ground up."

Jeff Nelson:

Posted: 2014-03-16 @ 12:22pm PT
1 exploit in Chromebook every 3 months or so, vs 3 exploits a day on every other platform...



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Microsoft/Windows
1.   Lenovo Still in Small Windows Tablets
2.   How Chrome Eats Your Battery Life
3.   Are These Layoffs Best for Microsoft?
4.   Microsoft Axes Android Phones
5.   Microsoft Will Lay Off 18,000 Workers


advertisement
Review: Microsoft's Surface Pro 3
Is it a tablet and laptop replacement?
Average Rating:
Bing Lets Europeans Be 'Forgotten'
Following in Google's footsteps.
Average Rating:
Microsoft Announces $199 Laptop
Taking on Google's Chromebooks.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Juniper DDoS Solution Aims at High-IQ Networks
In the face of more complex attacks, Juniper Networks is boosting its DDoS Secure solution to help companies mitigate the threats with more effective security intelligence throughout the network fabric.
 
Large-Volume DDoS Attacks Hit Record in 2014
The number of distributed denial-of-service (DDoS) attacks set a record in the first half of 2014, according to a report by Arbor Networks. The number of attacks over 20 GB/sec doubled.
 
U.N.: Nations Hide Rise in Private Digital Snooping
Governments on every continent are hiding an increasing reliance on private companies to snoop on citizens' digital lives, the U.N. human rights office says, with grave concerns about privacy.
 

Enterprise Hardware Spotlight
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 
Another Day, Another Internet of Things Consortium Is Born
In the emerging Internet of Things, zillions of devices will be talking to each other. Samsung, Intel and Dell just formed a consortium to ensure each thing can understand what others are saying.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Business Intelligence | Sales & Marketing | Contact Centers | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.