the-frontline

Pwn2Own organisers claim Google's $1m alternative hackathon set to flop

02 Mar 2012

Who wouldn't be tempted by a $1m cash pot for spotting flaws in Google's flagship Chrome browser? Well, the answer – according to some – is the very computer scientists with the necessary hacking skills to crack the browser that Google is hoping to attract.

This pointed barb was chucked Google's way after it admitted that it had withdrawn its offer of sponsorship for the infamous Pwn2Own browser hacking contest, which takes place at the CanSecWest conference on

Google it seems was unhappy that some entrants might be able to make off with the Pwn2Own booty, without having to divulge the secrets of the exploits that succeeded against its browser.

Instead, Google has set up its own Chrome-hacking competition, complete with $1m in cash prizes to hand out – with top prizes of $60,000 for full Chrome exploits.

But the organisers of the Pwn2Own contest have hit back at what they see as a misrepresentation of their contest.

In a blog post, the Zero Day Initiative team point out that the Pwn2Own competition has a long history of handing out rewards for the disclosure of so-called code execution vulnerabilities.

The organisers also demand that teams also demonstrate any so-called sandbox escapes they use in the competition – but they are not required to provide full disclosure of these types of exploit.

These second type of exploit are both rare – and potentially very lucrative for hackers, the organisers wrote:

“We strongly believe that those considering participating in Pwn2Own would not do so without a considerable reward [for sandbox escapes].”

They also had some harsh words about Google's alternative competition.

“It is fair to say that a sophisticated sandbox-escape exploit could certainly wreak more than $60,000 worth of damage in the enterprise space,” they wrote.

“That is why such an exploit against Chrome will never see the light of day at CanSecWest. Instead, the grand Google prize will go unclaimed and the great takeaway from Pwnium will be that Google Chrome is unhackable.”

Google's hubris could actually be a set back the browser security, they added.

One commentator tweeted:

About The Frontline

Insight into the latest tech news from V3.co.uk's team of reporters

Front End Web Developer - London - Salary 35-45K - E-Learning

Front End Web Developer - London - Salary £35-£45K...

Business Analyst - credit cards

Business Analysts / Change Analysts required - credit...

Perl, Ruby or Python Developer - 45K-55K - Southampton

Perl, Ruby or Python Developer - £45K-£55K - Southampton...

Senior PHP Developer - London - 45K-55K + Benefits

Senior PHP Developer - London - £45K-£55K + Benefits...

Browse posts by date

Cal_navigation_previousMarch 2012Cal_navigation_next
MonTueWedThuFriSatSun
       
134
       
5781011
       
12141718
       
192122232425
       
27293031

Other sites we like at The Frontline