
The contest, which starts March 9, pits researchers against four browsers -- Apple's Safari, Google's Chrome, Microsoft's Internet Explorer (IE) and Mozilla's Firefox -- as well as against smartphones running Apple's iOS, Google's Android, Microsoft's Windows 7 Phone and RIM's BlackBerry OS.
As the Pwn2Own contest gets closer, browser vendors are toughening up their browsers for the upcoming onslaught. Recent releases of the Firefox 3.5.17 and 3.6.14, and Thunderbird 3.1.8 have patched a number of vulnerabilities in the browsers that could have been exploited during the contest.
This comes just a little while after Google patched a number of vulnerabilities in its own Chrome browser, in advance of the competition. A total of $125,000 are at stake this year out of which $20,000 comes from Google themselves, for those who can crack the Google Chrome browser.
The order in which researchers will tackle a target is assigned by a random drawing, and the contest is winner-take-all: Only the first to hack a browser or Smartphone walks off with the money.
And that has Charlie Miller, an analyst for the Baltimore-based consulting firm Independent Security Evaluators (ISE), -- and the only researcher to have won at Pwn2Own three years running.

Aaron Portnoy, manager of TippingPoint's security research team and the organizer of Pwn2Own for each of its five years, won't distribute cash prizes for all successful hacks this year -- a practice it did in 2008, when it gave $5,000 for each zero-day exploit-- it will pay for bugs that researchers don't get a chance to use.

ZDI does not disclose its bug bounty fee schedule, but awards “reward points"-- akin to frequent flier miles -- that contributors can cash in for one-time payments.
Pwn2Own is scheduled to run March 9-11 at CanSecWest a security conference held each year in Vancouver, British Columbia.
No comments:
Post a Comment
share your thought on the above post......