Information Security News
mailing list archives
Plug-in pwning challenge brings Pwn2Own prizes to $US560K
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 22 Jan 2013 00:19:44 -0600 (CST)
By Iain Thomson in San Francisco
22nd January 2013
The organizers of the Pwn2Own hacking competition held at the annual CanSecWest
security conference have upped the prize pool to $US560,000 and will now be
offering prizes for hacking web plug-ins from Adobe and Oracle.
The contest, which dropped mobile phone hacking last year, has added web
plug-in hacking to the prize pool. Contestants get $70,000 apiece for cracking
Adobe Reader and Flash, and $20,000 for getting past Java. Based on the
latter's recent parlous performance in the security arena that price discount
"We've added browser plug-ins as a reflection of their increasing popularity as
an attack vector," said Brian Gorenc, manager of vulnerability research at
Pwn2Own sponsors HP DVLabs. "We want to demonstrate new hacking areas and
design new mitigation techniques."
For the more traditional hacks against browsers, a working Chrome exploit for
Windows 7 will net $100,000, with the same again for an IE10 hack in Windows 8
or $75,000 for breaking IE9 in Windows 7. A Safari exploit in OSX Mountain Lion
is worth $65,000 and Firefox on Windows 7 just $60,000, and all hacks must be
completed in a 30 minute time frame.
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Plug-in pwning challenge brings Pwn2Own prizes to $US560K InfoSec News (Jan 22)