Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
Eliminate costly downtime!
Find out how with Free White Paper
& enter to win a Samsung Galaxy Note

www.apc.com
Microsoft/Windows
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Web Browsers and Chromebook Fall in Hacker Contests
Web Browsers and Chromebook Fall in Hacker Contests

By Barry Levine
March 15, 2014 1:30PM

Bookmark and Share
The big takeaway from the Pwn2Own hacker contest was that even the most secure software can be compromised. In connection with the Pwn2Own competition, Google ran its own Pwnium contest, challenging hackers to find security holes in Chromebook computers, which it has always touted as being "built to be secure from the ground up."
 



None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also Vulnerable

A team from Google, which is co-sponsoring the contest, took down Safari and won $32,500. The contest organizer, Zero-Day Initiative, nabbed Explorer and brought home $50,000. The teams donated their winnings to the Red Cross in Canada.

While many teams successfully reached their targets, a white whale still swims out there in hackerland. A grand prize of $150,000 was offered but not won for a hack appropriately called the Exploit Unicorn. It requires system-level code execution on a Windows 8.1 x 64 machine, in Explorer 11 x 64 and with an Enhanced Mitigation Experience Toolkit bypass.

Google also held its own Pwnium security hackathon in Vancouver on Wednesday, awarding $2.7 million in prizes. The highlight of that competition was a successful exploit of the HP Chromebook 11, which netted a $150,000 prize for well-known researcher George Hotz. He also received $50,000 for one of the Firefox hacks in Pwn2Own.

The technology giant must have had mixed feelings though, since it has been promoting the security of Chromebooks as being "built to be secure from the ground up." In a post on the Google Chrome Developers blog, the company noted that, in the past two years of the Pwnium contest, it has invited hackers to target the Chromebook. And this week, they did just that -- successfully.
 

Tell Us What You Think
Comment:

Name:

Fran M:

Posted: 2014-03-18 @ 7:47am PT
Finally the reporters clarified the language to give the precise meaning to this work ------ researcher!!!! GREAT!!!

Ronen:

Posted: 2014-03-18 @ 12:48am PT
@R Khan - Well said!

R Khan:

Posted: 2014-03-18 @ 12:41am PT
@Jeff Nelson
The reason chrome has been singled out is because of their one liner... "built to be secure from the ground up."

So even if there are 20 exploits in 1 day for other browsers they won't get much attention as they are not saying they are "built to be secure from the ground up."

Jeff Nelson:

Posted: 2014-03-16 @ 12:22pm PT
1 exploit in Chromebook every 3 months or so, vs 3 exploits a day on every other platform...



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Microsoft/Windows
1.   China Puts Microsoft Under the Lens
2.   Win Phone 8.1 Update Already on Way
3.   Yammer Moved to Office 365
4.   Can One Size Windows OS Fit All?
5.   Microsoft CEO Sees 'Bold' Plan Ahead


advertisement
China Puts Microsoft Under the Lens
Official anti-monopoly probe launched.
Average Rating:
Microsoft CEO Sees 'Bold' Plan Ahead
With unified Windows for all platforms.
Average Rating:
Design Central to Microsoft Future
New ethos a break from functional past.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Tor Internet Privacy Service Warns Users It Was Breached
You may never have heard of the Tor Project, but the Internet privacy service is making headlines. Tor’s devs say users might be victims of an attack launched against the project earlier this year.
 
Canadian Government Charges China With Cyberattack
The government of Canada is not happy with China. Canadian officials have accused "a highly sophisticated Chinese state-sponsored actor" of launching a cyberattack on its National Research Council.
 
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 
Facebook: You Will Use Messenger, and You Will Like It
Starting this week, Facebook users with Android and iOS phones will be forced to use the separate Messenger app to send Facebook messages. Pending messages will still be visible in the main app.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.