Plug-in pwning challenge brings Pwn2Own prizes to $US560K

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2013/01/22/pwn2own_web_plugin_prize/

By Iain Thomson in San Francisco
The Register
22nd January 2013

The organizers of the Pwn2Own hacking competition held at the annual CanSecWest 
security conference have upped the prize pool to $US560,000 and will now be 
offering prizes for hacking web plug-ins from Adobe and Oracle.

The contest, which dropped mobile phone hacking last year, has added web 
plug-in hacking to the prize pool. Contestants get $70,000 apiece for cracking 
Adobe Reader and Flash, and $20,000 for getting past Java. Based on the 
latter's recent parlous performance in the security arena that price discount 
seems justified.

"We've added browser plug-ins as a reflection of their increasing popularity as 
an attack vector," said Brian Gorenc, manager of vulnerability research at 
Pwn2Own sponsors HP DVLabs. "We want to demonstrate new hacking areas and 
design new mitigation techniques."

For the more traditional hacks against browsers, a working Chrome exploit for 
Windows 7 will net $100,000, with the same again for an IE10 hack in Windows 8 
or $75,000 for breaking IE9 in Windows 7. A Safari exploit in OSX Mountain Lion 
is worth $65,000 and Firefox on Windows 7 just $60,000, and all hacks must be 
completed in a 30 minute time frame.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org