Whoever successfully cracks Google's Chrome operating system at this year's Pwnium hacking contest will walk away with a piece of the pi. Google, which had previously offered totals of $1 million, then $2 million, in prizes for successful hacks, is upping the ante at the contest, to be held in March at the CanSecWest security conference in Vancouver, B.C. The company is offering a total of $3.14159 million in cash rewards.
That's a nod to pi, math's most intriguing irrational number, and to the added challenges that come with cracking Google's ever-improving security measures.
It's unlikely that any single hacker will get the whole pi. Instead, many contestants could win $110,000 for each temporary compromise of Chrome OS, or $150,000 for each compromise that survives a system reboot.
All exploits must be delivered via webpages on a basic-model Samsung 550 Chromebook using a Wi-Fi connection.
"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," Google Chrome developer Chris Evans wrote on the official Chromium blog.
Rule change, and change again
Google's previous two Pwnium contests, last March at CanSecWest 2012 and last October at the Hack in the Box conference in Kuala Lumpur, Malaysia, were for successful exploits of its Chrome browser, not the similarly named OS
Google created Pwnium last year as an alternative to the longer-running Pwn2Own contest, also held at CanSecWest, after Pwn2Own temporarily changed its rules so that successful crackers no longer needed to reveal their methods.
That change was a bonus for commercial hackers such as the French company VUPEN, which specializes in keeping exploits secret and selling the information only to the highest bidders.
This year, the full-disclosure rules are back in effect at Pwn2Own, and Google is back as a co-sponsor, along with Hewlett-Packard.
But since the Chrome browser is one of the targets at Pwn2Own, Google's having the Pwnium participants across the hall take aim at the company's new operating system instead.
Unlike Pwn2Own, Pwnium doesn’t require contestants to use their real names. A teenager known only as Pinkie Pie, after the "My Little Pony" character, has won $60,000 at each Pwnium contest held so far.
Hard to beat
Google touts Chrome OS as the most secure operating system on the market. Yet its market share is so small that the OS hasn't truly been field-tested in the real world.
It's noteworthy, however, that the Pwn2Own prize for cracking the Chrome browser is $100,000, as opposed to $60,000 for Mozilla Firefox and $65,000 for Apple Safari.
Cracking Internet Explorer 10 running on Windows 8 yields $100,000 at Pwn2Own; IE 9 on Windows 7 is worth $75,000.
Pwn2Own winners also get to keep the contest-provided laptops used in their successful hacks.
The Pwnium rules don't mention if winners can keep their Chromebooks, but since Google sells the machines for a relatively inexpensive $450, the company probably won't mind.
Google has never had to pay out the full amount offered for Chrome browser cracks, and it's unlikely that it'll be writing checks totaling $3.15149 million for the operating-system hacks. But the Pwnium publicity probably won't hurt efforts to drum up buzz about Chrome OS.
Orginally Posted in TechNewsDaily by Ben Weitzenkorn
It's unlikely that any single hacker will get the whole pi. Instead, many contestants could win $110,000 for each temporary compromise of Chrome OS, or $150,000 for each compromise that survives a system reboot.
All exploits must be delivered via webpages on a basic-model Samsung 550 Chromebook using a Wi-Fi connection.
"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," Google Chrome developer Chris Evans wrote on the official Chromium blog.
Rule change, and change again
Google's previous two Pwnium contests, last March at CanSecWest 2012 and last October at the Hack in the Box conference in Kuala Lumpur, Malaysia, were for successful exploits of its Chrome browser, not the similarly named OS
Google created Pwnium last year as an alternative to the longer-running Pwn2Own contest, also held at CanSecWest, after Pwn2Own temporarily changed its rules so that successful crackers no longer needed to reveal their methods.
That change was a bonus for commercial hackers such as the French company VUPEN, which specializes in keeping exploits secret and selling the information only to the highest bidders.
This year, the full-disclosure rules are back in effect at Pwn2Own, and Google is back as a co-sponsor, along with Hewlett-Packard.
But since the Chrome browser is one of the targets at Pwn2Own, Google's having the Pwnium participants across the hall take aim at the company's new operating system instead.
Unlike Pwn2Own, Pwnium doesn’t require contestants to use their real names. A teenager known only as Pinkie Pie, after the "My Little Pony" character, has won $60,000 at each Pwnium contest held so far.
Hard to beat
Google touts Chrome OS as the most secure operating system on the market. Yet its market share is so small that the OS hasn't truly been field-tested in the real world.
It's noteworthy, however, that the Pwn2Own prize for cracking the Chrome browser is $100,000, as opposed to $60,000 for Mozilla Firefox and $65,000 for Apple Safari.
Cracking Internet Explorer 10 running on Windows 8 yields $100,000 at Pwn2Own; IE 9 on Windows 7 is worth $75,000.
Pwn2Own winners also get to keep the contest-provided laptops used in their successful hacks.
The Pwnium rules don't mention if winners can keep their Chromebooks, but since Google sells the machines for a relatively inexpensive $450, the company probably won't mind.
Google has never had to pay out the full amount offered for Chrome browser cracks, and it's unlikely that it'll be writing checks totaling $3.15149 million for the operating-system hacks. But the Pwnium publicity probably won't hurt efforts to drum up buzz about Chrome OS.
Orginally Posted in TechNewsDaily by Ben Weitzenkorn