Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Microsoft/Windows
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Web Browsers and Chromebook Fall in Hacker Contests

Web Browsers and Chromebook Fall in Hacker Contests
By Barry Levine

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

The big takeaway from the Pwn2Own hacker contest was that even the most secure software can be compromised. In connection with the Pwn2Own competition, Google ran its own Pwnium contest, challenging hackers to find security holes in Chromebook computers, which it has always touted as being "built to be secure from the ground up."
 


None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also Vulnerable

A team from Google, which is co-sponsoring the contest, took down Safari and won $32,500. The contest organizer, Zero-Day Initiative, nabbed Explorer and brought home $50,000. The teams donated their winnings to the Red Cross in Canada.

While many teams successfully reached their targets, a white whale still swims out there in hackerland. A grand prize of $150,000 was offered but not won for a hack appropriately called the Exploit Unicorn. It requires system-level code execution on a Windows 8.1 x 64 machine, in Explorer 11 x 64 and with an Enhanced Mitigation Experience Toolkit bypass.

Google also held its own Pwnium security hackathon in Vancouver on Wednesday, awarding $2.7 million in prizes. The highlight of that competition was a successful exploit of the HP Chromebook 11, which netted a $150,000 prize for well-known researcher George Hotz. He also received $50,000 for one of the Firefox hacks in Pwn2Own.

The technology giant must have had mixed feelings though, since it has been promoting the security of Chromebooks as being "built to be secure from the ground up." In a post on the Google Chrome Developers blog, the company noted that, in the past two years of the Pwnium contest, it has invited hackers to target the Chromebook. And this week, they did just that -- successfully.
 

Tell Us What You Think
Comment:

Name:

Fran M:

Posted: 2014-03-18 @ 7:47am PT
Finally the reporters clarified the language to give the precise meaning to this work ------ researcher!!!! GREAT!!!

Ronen:

Posted: 2014-03-18 @ 12:48am PT
@R Khan - Well said!

R Khan:

Posted: 2014-03-18 @ 12:41am PT
@Jeff Nelson
The reason chrome has been singled out is because of their one liner... "built to be secure from the ground up."

So even if there are 20 exploits in 1 day for other browsers they won't get much attention as they are not saying they are "built to be secure from the ground up."

Jeff Nelson:

Posted: 2014-03-16 @ 12:22pm PT
1 exploit in Chromebook every 3 months or so, vs 3 exploits a day on every other platform...



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Microsoft/Windows
1.   Price Wars Hitting Laptop Market?
2.   Office 365 Tailored for Attorneys
3.   Plan Your Move from Windows 7 Now
4.   Microsoft Patch Tuesday Stars IE
5.   Surface Pro Ads Aim at MacBook Pro


advertisement
China Puts Microsoft Under the Lens
Official anti-monopoly probe launched.
Average Rating:
Plan Your Move from Windows 7 Now
But don't rush to deploy Windows 8.
Average Rating:
Dynamics CRM Online Extends Reach
Now available in 17 more countries.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Cost of Target Data Breach: $148 Million Plus Loss of Trust
The now infamous Target data breach is still costing the company -- and its shareholders -- plenty. In fact, the retailing giant forecast the December 2013 incident cost shareholders $148 million.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 

Enterprise Hardware Spotlight
Three New Lenovo PCs Aimed at Business Users
Businesses everywhere want computing solutions that do more for less money, and Lenovo has unveiled three new desktop PCs that offer solid computing at a budget-minded price.
 
Aruba Networks Handles Black Hat with Aplomb
It's not an easy job. Aruba Networks' task throughout the Black Hat USA conference in Las Vegas this month was to ensure thousands of attendees could connect without malicious attacks.
 
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.