Google bets $20K that Chrome can't be hacked


Recommended Posts

http://www.computerworld.com/s/article/9207939/Google_bets_20K_that_Chrome_can_t_be_hacked?taxonomyId=15

Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari and Chrome.

The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.

Link to comment
Share on other sites

Someones feeling confident. But Google have worked there assess off on Chrome! We will see :D

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Link to comment
Share on other sites

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

That's pretty much what I was going to post lol

Link to comment
Share on other sites

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

Link to comment
Share on other sites

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

$20k is relatively cheap for Google, they are most likely using it as enticement to any potential attempts. It's like putting money down on any contest, you can watch it without putting any down, but I doubt the contest participants will refuse any more money than they have already been told they are getting.

Google putting money down on the contest will mean more people will attempt to hack Chrome, which means more exploits will be found than if they had not put any money down.

Link to comment
Share on other sites

Its a Win Win situation for Google.

I like this aproach rewarding testing efforts, its the way it should be. If they find a hack Chrome will be safer, if they dont find Chrome will be majorly adopted by the Geek?s and spreading the Word on the high skilled programers.

Im impressed google, good job.

Link to comment
Share on other sites

so what do they have to hack in the browser to get the $20,000? because chrome is open source so hacking an open source program would make no sense for a competition though IE and firefox hacking comp sounds more like it...

Link to comment
Share on other sites

so what do they have to hack to get the $20,000? because chrome is open source...

Find a way to install virus or make it run remote code on the target PC.

You need to do this with the officially compiled chrome browser.

Edit: Say your edit Firefox is open source too.

Link to comment
Share on other sites

The most difficult part of exploiting Chrome is the sandbox. I remember one of the participants last year was able to find exploits in the browser, but was unable to bypass the sandbox.

Link to comment
Share on other sites

Very interesting, but at what stage do they consider it hacked?

When you can capture details, when the browser is hijacked etc?

Also giving people time to start working their magic now ready for the "on the day" test?

Seems pretty interesting, wish I knew more about the components of browsers!

Link to comment
Share on other sites

Not surprised, given that it resides in a sandbox, even in Windows XP which doesn't support sandboxing natively.

That was the point when Google went "OK, so we'll make our own" unlike certain other companies. ;)

Link to comment
Share on other sites

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

This.

Link to comment
Share on other sites

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

There's a secondary benefit in that competitions like this bring out people that you might extend a job offer to. Google's hiring, and it's hard to find good people.

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.