$2.7 Million On Offer For Pwnium 4
Written by Alex Armstrong   
Friday, 31 January 2014

Google has again increased the amount it is prepared to pay out to hackers who find serious holes in the Chrome OS. In Google fashion the headline sum uses a mathematical constant - this time it is e - giving a total prize pot for this year's Pwnium of $2.71828 million.

Pwnium 4 is Google's fourth annual hacking contest and will be held in March at the CanSecWest security conference in Vancouver alongside the longer-established "Pwn2Own".

For anyone mystified by the contensts' names, pwn means to hack and contestant in the Pwn2Own contest get to keep the device they succeed in hacking as well as comppeting for cash prizes. Pwnium is a play on the full name of Google Chrome: Chromium.

Although Google's total prize pot is set at  $2.71828 million, the full sum won't necessarily be paid out. 

Rewards of $150,000 will be made for any hack via a Web page that let's a hacker control a Chrome OS PC even after it reboots; and $110,000 for similar hacks that don't persist after rebooting.

In addition the Chromium blog states

New this year, we will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process.

The link in the above paragraph is an article on LWN.net on Kernel address space layout randomization, a technique that has been added to Chrome OS that  make exploits harder by placing various objects at random, rather than fixed, addresses.

Whereas previous competitions have been restricted to Intel-based Chrome OS devices, this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. Although devs can work with virtual machines the attack has to be demonstrated on the physical device running the then current stable version of Chrome.

For the Pwnium contest, the deliverable is the full exploit, with explanations for all individual bugs used (which must be unknown); and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL.

Participants need to register in advance for a timeslot in which to demonstrate their exploits and only exploits demonstrated in this specifically-arranged window will be eligible for a reward.  Registration, which is by e-mail to pwnium4@chromium.org, closes at 5:00 p.m. PST Monday, March 10th, 2014.

Pwn2Own will also take place at  CanSecWest between March 12-14 and its PWN2OWN rules for this year will be announced  shortly.

 

Banner


Deep Learning Chess
17/12/2014

Usually chess playing programs take a search approach to finding good moves, but why not see if a deep neural network can do the job without the need to hand tune game algorithms.



Node.js Fork - Now You Have A Choice To Make
08/12/2014

One of the big advantages of open source is that if you don't like the current state of things you can simply create a fork and make your own version of the project. However, not all forks are equal a [ ... ]


More News

Last Updated ( Friday, 31 January 2014 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.