Establishing Digital Trust: Don't Sacrifice Security for Convenience
Google recently announced plans for its third Pwnium competition, with a new focus on the Chrome operating system.
"Google will award up to $3.14159 million total to contestants who are able to compromise the Linux-based OS, committing about $1 million more than it put up for the second Pwnium, and $2 million more than it put up for the first Pwnium," writes Threatpost's Christopher Brook. "Google security researcher Chris Evans said on the Chromium Blog the company will offer $110,000 for a 'browser or system level compromise in guest mode or as a logged-in user, delivered via a web page' and $150,000 for a 'compromise with device persistence -- guest to guest with interim reboot, delivered via a web page.'"
"But if past practice holds true again this year, Google won't write checks totaling anywhere near $3 million," writes Computerworld's Gregg Keizer. "At the first Pwnium of March 2012, the search giant paid out $120,000 to two researchers for exploiting Chrome; the Malaysian edition's single award was a $60,000 payoff to 'Pinkie Pie,' one of the two hackers who took home the same amount seven months earlier."
"Hackers attempting these challenges will have to use a base Wi-Fi model of the Samsung Series 5 550 Chromebook," writes WebProNews' Zach Walton. "You are allowed to use any installed software, including the kernel and drivers. You can also use a virtual machine if you do not have the required hardware."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"In order to claim the cash, researchers must provide Google with the full list of vulnerabilities used in the attack, along with any code used," writes The Register's Iain Thomson. "Partial prizes will be offered for semi-successful hacks, at the Chocolate Factory's discretion."
"The Pwnium 3 competition will take place at CanSecWest in Vancouver, BC, on March 7, the same venue where this year’s browser-focused Pwn2Own competition will also take place from the 6th to the 8th," writes TechCrunch's Frederic Lardinois.