Pwn2Own hacking contest winds down after paying a record $480K

Google, Mozilla rush out fixes for flaws revealed by researchers

By , Computerworld |  Security

On Thursday, Pwn2Own continued with the Vupen team researchers successfully exploiting the Adobe Flash Player browser plug-in. George Hotz, a 23-year-old best known for "jailbreaking" the iPhone and the Sony PlayStation 3 -- and now being sued by Sony for the latter -- later brought down Adobe Reader. Vupen and Hotz each received $70,000 for their Adobe vulnerabilities and hacks.

Oracle's Java was also hacked yesterday by Ben Murphy, making a total of four exploits of the under-assault software that's plagued users with a rash of "out-of-band," or emergency, updates this year. Murphy, like each of the others who cracked Java, earned $20,000.

Pwn2Own's total award payout for the two days was $480,000, a record for the contest, which is now in its eighth year. The Vupen team took home over half of that, $250,000, for its exploits of IE10, Firefox, Flash and Java.

But Google's Pwnium 3, which also ran Thursday at CanSecWest, the same Vancouver, British Columbia security conference that hosted Pwn2Own, came up empty-handed.

"Pwnium 3 has completed and we did not receive any winning entries," a Google spokeswoman said in an email late Thursday. "We are evaluating some work that may qualify as partial credit."

Pwnium had attracted pre-contest attention for its large awards -- up to $150,000 for each hack, with Google committing to a maximum payout of as much as $3.14 million -- and its focus on Chrome OS, the browser-based operating system that powers laptops such as the $249 Samsung Chromebook and Google's own $1,299 Chromebook Pixel.

ZDI called an end to the contest Thursday, even though no researcher had attempted to take down the one remaining target, Apple's Safari browser running on OS X Mountain Lion.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

See more by Gregg Keizer on Computerworld.com.

Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness