Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
APC Free White Paper
Optimize your network investment &
Enter to win a Samsung Galaxy Note

www.apc.com
World Wide Web
Next Generation Data Center Is Here!
Average Rating:
Rate this article:  
Web Browsers and Chromebook Fall in Hacker Contests
Web Browsers and Chromebook Fall in Hacker Contests

By Barry Levine
March 15, 2014 1:30PM

    Bookmark and Share
The big takeaway from the Pwn2Own hacker contest was that even the most secure software can be compromised. In connection with the Pwn2Own competition, Google ran its own Pwnium contest, challenging hackers to find security holes in Chromebook computers, which it has always touted as being "built to be secure from the ground up."
 



None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also Vulnerable

A team from Google, which is co-sponsoring the contest, took down Safari and won $32,500. The contest organizer, Zero-Day Initiative, nabbed Explorer and brought home $50,000. The teams donated their winnings to the Red Cross in Canada.

While many teams successfully reached their targets, a white whale still swims out there in hackerland. A grand prize of $150,000 was offered but not won for a hack appropriately called the Exploit Unicorn. It requires system-level code execution on a Windows 8.1 x 64 machine, in Explorer 11 x 64 and with an Enhanced Mitigation Experience Toolkit bypass.

Google also held its own Pwnium security hackathon in Vancouver on Wednesday, awarding $2.7 million in prizes. The highlight of that competition was a successful exploit of the HP Chromebook 11, which netted a $150,000 prize for well-known researcher George Hotz. He also received $50,000 for one of the Firefox hacks in Pwn2Own.

The technology giant must have had mixed feelings though, since it has been promoting the security of Chromebooks as being "built to be secure from the ground up." In a post on the Google Chrome Developers blog, the company noted that, in the past two years of the Pwnium contest, it has invited hackers to target the Chromebook. And this week, they did just that -- successfully.
 

Tell Us What You Think
Comment:

Name:

Fran M:

Posted: 2014-03-18 @ 7:47am PT
Finally the reporters clarified the language to give the precise meaning to this work ------ researcher!!!! GREAT!!!

Ronen:

Posted: 2014-03-18 @ 12:48am PT
@R Khan - Well said!

R Khan:

Posted: 2014-03-18 @ 12:41am PT
@Jeff Nelson
The reason chrome has been singled out is because of their one liner... "built to be secure from the ground up."

So even if there are 20 exploits in 1 day for other browsers they won't get much attention as they are not saying they are "built to be secure from the ground up."

Jeff Nelson:

Posted: 2014-03-16 @ 12:22pm PT
1 exploit in Chromebook every 3 months or so, vs 3 exploits a day on every other platform...



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 World Wide Web
1.   Tor Internet Privacy Service Breached
2.   Amazon Invests $2B To Grow in India
3.   Many Sites Are Studying Consumers
4.   Facebook To Force Use of Messenger
5.   OkCupid Experiments with Daters


advertisement
OkCupid Experiments with Daters
Unethical without user consent?
Average Rating:
Radical.FM's Freemium Biz Model
Online radio startup asks for donations.
Average Rating:
Many Sites Are Studying Consumers
Facebook and OKCupid are not alone.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
New 'Backoff' Malware Slips Undetected into Retail Systems
'Malicious actors' are using a new variety of malware to access consumer payment data remotely through point-of-sale systems, according to a report from the Department of Homeland Security.
 
IBM Beefs Up Identity Intelligence Security Solutions
Big Blue is betting big on identity intelligence. IBM just acquired a private firm with security software to govern user access to apps and data across cloud and on-premise environments.
 
USB Security Flaw Lets Hackers Hijack PCs
Hackers can use the firmware that controls USB functions to take control of computers, say security experts. That means there may be a new class of attack for which there are no defenses.
 

Enterprise Hardware Spotlight
AMD's ARM-Based Opteron Out in $3K Dev Kit
It's dubbed "Seattle" and it's AMD's first 64-bit ARM-based Opteron processor. The low-power chip is being released as part of AMD’s Opteron A1100-series developer kit, and aimed at high-end data center needs.
 
Apple Updates MacBook Pros, Cuts Prices Up to $100
The popular MacBook Pro laptop line just got an update and a price cut of as much as $100. The MacBook Pro with Retina display now includes faster processors and double the memory.
 
Dell, BlackBerry Not Sweating Apple-IBM Alliance
IBM's recent move to partner with Apple to sell iPhones and iPads loaded with corporate applications has excited investors in both companies, but two rivals say they are unperturbed for now.
 

Mobile Technology Spotlight
BlackBerry Messenger Now Available on Windows Phone
BlackBerry's free Messenger chatting and voice app is out of beta and widely available for Windows Phone users, the company said. BBM offers secure messaging, Groups, Voice, Channels and more.
 
Virgin Mobile Offers Custom Smartphone Plans
As the wireless carrier wars continue heating up, Virgin Mobile just threw the customization coal onto the fire. The firm has debuted a no-annual-contract plan with rates based on individual use.
 
Collaboration Provider Asana Revamps Mobile App
Asana, a collaboration software provider started by a Facebook founder, is now out with a rebuilt native iOS mobile app. It replaces one that even the company admits was not up to par.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.