Establishing Digital Trust: Don't Sacrifice Security for Convenience
In a recent blog post, Google software engineer Chris Evans announced that hacker Pinkie Pie won the company's highest bug bounty of $60,000 (and a Chromebook) for finding a full Chrome exploit during the Pwnium 2 competition at Hack in the Box 2012.
"The teen researcher ... is a second-time winner of the contest, having been awarded a previous $60,000 prize in March for subverting the Chrome browser," redOrbit reports.
"In case you’re curious, the hacker is only identified by his handle 'Pinkie Pie' because his employer doesn’t authorize his activity, noted Wired in March," writes TechCrunch's Sarah Perez. "(And yes, 'Pinkie Pie' refers to the My Little Pony TV show, which has quite the following on Reddit)."
"Google labeled the discovery 'critical' and called it 'another beautiful piece of work,'" writes VentureBeat's Meghan Kelly. "The company promises it will not release details about any of the vulnerabilities discovered during Pwnium unless the majority of users have been patched."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"All told, it took just 12 hours from the time Pinkie Pie's attack was demonstrated to the time Google engineers released a fix," writes Ars Technica's Dan Goodin. "If that's not a record, it's better than the weeks or months it can take Mozilla, Microsoft, and Apple to patch their browsers against similarly devastating bugs."
"The $60,000 prize is reserved for full Chrome exploits, those in 'Chrome / Win7 local OS user account persistence using only bugs in Chrome itself,'" Infosecurity reports. "Hackers also can win $40,000 for a Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug would qualify."