Showing posts sorted by relevance for query Pwnium. Sort by date Show all posts
Showing posts sorted by relevance for query Pwnium. Sort by date Show all posts

After Google Chrome Hack Sergey Glazunov Earnd $60,000 At Pwnium Contest

Posted by Avik Sarkar On 3/10/2012 10:12:00 pm

Sergey Glazunov, A Security Researcher Earn $60,000 At Pwnium After Google Chrome Hack

Sergey Glazunov, a Russian security researcher has earned $60,000 by demonstrating how he could waltz past the security sandbox in Google's Chrome browser to run unauthorized code on fully-patched Windows 7 computers. Glazunov discovered a remote code execution vulnerability in Chrome, that could be used by malicious hackers and cyber criminals to install and run code on innocent users' computers, just by them visiting a website. Glazunov, who is no stranger to reporting bugs in Chrome, won his substantial reward as part of the Pwnium competition run by Google at the CanSecWest conference in downtown Vancouver.
Senior Vice President of Google Chrome and Apps, Sundar Pichai, confirmed the successful hack on his Google+ page. Now that the hack is known throughout the developer world, Pichai understandably said, “Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

Posted by Avik Sarkar On 10/11/2012 03:52:00 am

Pwnium 2: Teenage Hacker Pinkie Pie Exploited Google Chrome & Earned $60,000

One of world's most popular web-browser Google Chrome has fallen victim at Pwnium 2 security contest which took place earlier on 10th October, at the Hack In The Box conference in Kuala Lumpur, Malaysia. A teenage hacker who goes by the pseudonym "Pinkie Pie" was successfully able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The hack was done on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome. For his work, Pinkie Pie will receive the top prize of $60,000 from Google
This isn't the first time that "Pinkie Pie", also the name of a "My Little Pony - Friendship is Magic" character, has won money for exploiting Chrome. In March of this year, he was rewarded for vulnerabilities he used at Google's Pwnium contest, which took place during the Pwn2Own competition at CanSecWest, to break out of the browser's sandbox and execute code. In order to get his code to execute on the test system at the time, he had to combine a total of six vulnerabilities; the holes were later closed with the release of Chrome 18. Along with security specialist Sergey Glazunov, Pinkie Pie also won this year's Pwnie Award for the Best Client-Side Bug. What ever the full results of the Pwnium 2 competition will be announced during a talk by Google Software Engineer Chris Evans today that means, 11th October.
We also like to give you reminder that earlier in this year Google had increased vulnerability bounties in Anniversary of Vulnerability Reward Programbe. Also PayPalFacebook & many other has already started this paid bug bounty program. These bug bounty programs & such security contest indeed enhancing the security. 


-Source (The-H & SC Magazine)






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Announced 'Pwnium 2' & Increased Prize Money $2m To Exploit Chrome

Posted by Avik Sarkar On 8/18/2012 06:40:00 pm

Google Announced 'Pwnium 2' & Increased Prize Money $2m To Exploit Chrome

Few days ago we got the result of Microsoft hosted Blue Hat Security contest, where Microsoft awarded a bunch of hackers and gave away an amount of  $260,000. Immediately after this event, Internet giant Google   has upped the ante in its industry-leading cash-for-security-bugs program with hefty bonuses and a hacking contest that will award up to $2 million worth of prizes to people who successfully exploit its Chrome browser. In the official Chromium blog, Google has announced the plan for Pwnium 2. According to a blog post by Chris Evans, Software Engineer at Google- Pwnium 2 will be held on Oct 10th, 2012 at the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia.
This time, Google be sponsoring up to $2 million worth of rewards at the following reward levels:
  • $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself. 
  • $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug. 
  • $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. 
  • $Panel decision: “Incomplete exploit”: An exploit that is not reliable, or an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation. For Pwnium 2, we want to reward people who get “part way” as we could definitely learn from this work. Our rewards panel will judge any such works as generously as we can. 
Exploits should be demonstrated against the latest stable version of Chrome. Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry.) Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit. 
We also like to give you reminder that earlier in this year Google had increased vulnerability bounties in Anniversary of Vulnerability Reward Programbe. Also PayPal, Facebook & many other has already started this paid bug bounty program.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Google Offers $1 Million For Hackers To Exploit Chrome (Pwnium: Rewards For Exploits)

Posted by Avik Sarkar On 2/29/2012 05:18:00 pm

Google Offers $1 Million For Hackers To Exploit Chrome (Pwnium: Rewards For Exploits)

The search giant Google is offering a huge amount (total $1 million) of reward for those who will successfully hack the Google Chrome browser at the Pwn2Own Hacker Contest taking place next week (7 March, 2012). Google will reward those successful contestants at Pwn2Own with prices of $60,000, $40,000 and $20,000 – depending on the severity of the exploits that are demonstrated on a Windows 7 machine running the browser. The Prizes will be awarded on a first-come-first-serve basis, until the entire $1 million has been claimed.
Chrome is currently the only web browser eligible for entry into Pwn2Own that has never been successfully hacked. Contestants often note the difficulty of bypassing Google’s security sandbox as a reason for this. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” said Chris Evans and Justin Schuh, members of the Google Chrome security team. “To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards.”
Additional information can be found on the Chromium official blog.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search