Friday, January 18, 2013

Pwn2Own 2013 Going To Be Bigger Than Ever With Record $560K In Prize Money

This year's Pwn2Own hacking contest promises to be bigger and better than ever with HP TippingPoint, the long-time organizer of Pwn2Own, revamping the challenges and offering cash awards exceeding half a million dollars.

For the 2013 content HP’s DVLabs Zero Day Initiative (ZDI) is expanding the focus of the annual Pwn2Own competition beyond vulnerabilities in the web browser alone. Instead this year focusing not just on the browser itself but browser based plug-ins which are often the target of malicious attacks. Hackers will be allowed to target and demonstrate exploits of previously-unknown vulnerabilities in Chrome, Firefox, Internet Explorer (IE) or Safari as well as popular add-ons like the Adobe Reader, Adobe Flash or Oracle Java browser plug-ins.

HP ZDI is offering more than half a million dollars (USD) in cash and prizes during the competition for vulnerabilities and exploitation techniques in the below categories. The first contestant to successfully compromise a selected target will win the prizes for the category.
  • Web Browser
    • Google Chrome on Windows 7 ($100,000)
    • Microsoft Internet Explorer, either
      • IE 10 on Windows 8 ($100,000), or
      • IE 9 on Windows 7 ($75,000)
    • Mozilla Firefox on Windows 7 ($60,000)
    • Apple Safari on OS X Mountain Lion ($65,000)
  • Web Browser Plug-ins using Internet Explorer 9 on Windows 7
    • Adobe Reader XI ($70,000)
    • Adobe Flash ($70,000)
    • Oracle Java ($20,000)
The targets will be running on the latest, fully patched version of the Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations, as this is how a majority of users will have them configured. As always, the vulnerabilities utilized in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win. A given vulnerability may only be used once across all categories.

The contest will take place the 6th, 7th, and 8th of March in Vancouver, British Columbia during the CanSecWest 2013 conference. You can follow along as the contest plays out and get real-time updates by following either @thezdi or @Pwn2Own_Contest on Twitter or search for the hash tag #pwn2own.

For more details checkout: DVLabs Pwn2Own 2013

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you