Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

With Millions Paid in Hacker Bug Bounties, Is the Internet Any Safer?

From: InfoSec News <alerts () infosecnews org>
Date: Fri, 9 Nov 2012 03:23:08 -0600 (CST)
http://www.wired.com/threatlevel/2012/11/bug-bounties/

By Kim Zetter
Threat Level
Wired.com
11.08.12
The night before the end of Google’s Pwnium contest at the CanSecWest security conference this year in Vancouver, a tall teen dressed in khaki shorts, tube socks and sneakers was hunkered down on a hallway bench at the Sheraton hotel hacking away at his laptop.
With a $60,000 cash prize on the line, the teen, who goes by the hacker handle “Pinkie Pie,” was working hard to get his exploit for the Chrome browser stabilized before the close of the competition.
The only other contestant, a Russian university student named Sergey Glazunov, had already made off with one $60,000 prize for a zero-day exploit that attacked 10 different bugs.
Finally, with just hours to go before the end of the three-day competition, Pinkie Pie achieved his goal and dropped his exploit, a beauty of a hack that ripped through six zero-day vulnerabilities in Chrome and slipped out of the browser’s security sandbox.
Google called both hacks “works of art,” and within 24 hours of receiving each submission, had patched all of the bugs that they exploited. Within days, the company had also added new defensive measures to Chrome to ward off future similar attacks. 

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org
Previous By Date Next
Previous By Thread Next

Current thread: