Hackers offered Big Payout to Poison Web Browsers
Elite hackers and ethical computer security enthusiasts are preparing themselves for the Pwn2Own competition, which challenges participants to break through security of popular software programs (such as web browsers).
Once software is breached, it is referred to as an "exploit", in which hackers are then able to gain access to other areas of the computer's operating system without restrictions. It's these types of attacks which occur on web sites frequently, where visitors become instantly infected just by visiting a malicious website containing an unknown exploit (also referred to as a "zero day" attack).
Normally, anyone who successfully pulls off an attack at the Pwn2Own contest -- which must be carried out on the latest official release of the browser on a machine running a fully patched version of either Windows 7 or Mac OS X -- wins a $15,000 prize from the organizers.
Google Offers $20,000 Prize for Exploiting Chrome
This year, there's a special prize for breaching the Chrome browser. On the first day of the event, contestants can only exploit vulnerabilities that involve 100 per cent Google programming code, rather than third-party adaptations. If they do so, they'll get a $20,000 prize that's paid for entirely by Google.
On the remaining two days, Chrome is under the same rules as other browsers, meaning any successful attack method is valid. A winner here will still get the higher $20,000 prize, but only half of this will be funded by Google. (Source: tippingpoint.com)
Sandboxing: An Effective Deterrent
It will be intriguing to see how many hackers are tempted by the extra $5,000 offer.
In the past, some of the people who've successfully attacked browsers such as Internet Explorer have said it's simply not worth the effort attacking Chrome because of its unique sandbox design.
In computing terms, a "sandbox" is a space in memory which is set aside and completely separate of the operating system. Sandboxing is effective in preventing rogue programs access to any other part of the browser or operating system so that it cannot be exploited. (Source: eweek.com)
Prize Money Meant to Keep Hackers Quiet
Under the rules of the contest, if anyone pulls off a successful attack they must hand over the details of the method: the prize money is considered payment for the intellectual property rights. The organizers then inform the browser manufacturer and do not publish them until a fix is available.
Pwn2Own takes place in Vancouver, Canada next month at the CanSecWest conference. Contestants can opt to attack Chrome, Firefox, Internet Explorer or Safari. They'll get a maximum of half an hour to carry out the attack. Hackers can also opt to target mobile devices running Apple's iOS, the Blackberry system, Google's Android and Microsoft's Windows Phone 7.
How to Fix: Windows 10 Upgrade Failed Error 80240020
Can I Cancel my Windows 10 Reservation and Reserve Later?
- How to Clean Install Windows 10 using Windows 7, 8 License
- No Service Packs For Windows 10; Support ends 2025
- Will Windows 10 Install Automatically?
- Windows 10 Upgrade: Do I have to Reinstall Programs?
- Windows 10 Upgrade: Can I choose 32-bit or 64-bit?
- Which Version of Windows 10 Will I Get (Home or Pro)?
- How to Reserve Windows 10 Upgrade (Free)
- How to Fix: CPU Not Compatible with Windows 10 Error
- Windows 10 Upgrade: Can I keep my Old Windows Install?
- How to Cancel Windows 10 Reservation (Properly)
- Download Windows 10 .ISO (DVD) for Clean Install?
- Microsoft: Windows 10 Will Be The Last Version
- Windows 10 to Natively Support iOS, Android Apps
- Does Windows 10 require the CPU to support PAE?
- Windows 10: Can I Upgrade or do I need a Clean Install?