Posts tagged: PWN2OWN

Jan 26 2014

Google Pwnium 4 Invites Hackers to Attack Chrome OS at CanSecWest

google pwnium 4 Google holds regular competitions to encourage involvement in improving the security of the Chromium project. Contests like Pwnium helps to better patch specific exploits and issues to make Chromium even more secure.

This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference in Vancouver.

With a total of $2.71828 Million USD in the pot, Pwnium rewards will be issued for eligible Chrome OS exploits at the following levels:

— $110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.
— $150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.

Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.

Participants need to register in advance for a timeslot. To register, e-mail pwnium4@chromium.org. Registration will close at 5:00 p.m. PST Monday, March 10th, 2014. Only exploits demonstrated on time in this specifically-arranged window will be eligible for a reward.

More Info:
The Chromium Blog : Announcing Pwnium 4 Targeting Chrome OS
Pwnium4@CanSecWest2014 : Official Rules
Chromium OS : Developer Guide

Mar 26 2009

Researcher cracks Mac in 10 seconds at PWN2OWN, wins $5k

Charlie Miller, a security researcher who hacked a Macintosh in two minutes last year at CanSecWest’s PWN2OWN contest, improved his time today by breaking into another Macintosh in under 10 seconds.

Miller, an analyst at Independent Security Evaluators in Baltimore, walked off with a $5,000 cash prize and the MacBook he hacked.

“I can’t talk about the details of the vulnerability, but it was a Mac, fully patched, with Safari, fully patched,” said Miller on Wednesday, not long after he had won the prize. “It probably took five or 10 seconds.” He confirmed that he had researched and written the exploit before he arrived at the challenge.

The PWN2OWN rules stated that the researcher could provide a URL that hosted his exploit, replicating the common hacker tactic of enticing users to malicious sites where they are infected with malware. “I gave them the link, they clicked on it, and that was it,” said Miller. “I did a few things to show that I had full control of the Mac.”

Two weeks ago, Miller predicted that Safari running on the Macintosh would be the first to fall.

PWN2OWN’s sponsor, 3Com Corp.’s TippingPoint unit, paid Miller $5,000 for the rights to the vulnerability he exploited and the exploit code he used. As it has at past challenges, it reported the vulnerability to on-site Apple representatives. “Apple has it, and they’re working on it,” added Miller.

Source: ComputerWorld