Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Microsoft/Windows
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Web Browsers and Chromebook Fall in Hacker Contests
Web Browsers and Chromebook Fall in Hacker Contests

By Barry Levine
March 15, 2014 1:30PM

    Bookmark and Share
The big takeaway from the Pwn2Own hacker contest was that even the most secure software can be compromised. In connection with the Pwn2Own competition, Google ran its own Pwnium contest, challenging hackers to find security holes in Chromebook computers, which it has always touted as being "built to be secure from the ground up."
 



None of the major Web browsers are impervious to focused hacker teams. All four were successfully hacked in the Pwn2Own contest that took place this past week in Vancouver.

The two-day hackathon, which concluded Thursday, is backed by Hewlett-Packard and run by its Zero-Day Initiative. The contest organizers offered up to $1.085 million in prizes; $82,500 of that money went to charity and the rest to eight research teams.

The objects of the hackers' attention: Apple's Safari, Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox desktop browsers, plus Adobe's Reader and Flash plug-in. The Google, Microsoft and Flash entries had all been refreshed with security updates right before the contest.

Team Winnings of $400,000

Chaouki Bekrar, Chief Executive and Chief Researcher at Vulpen Security, told news media that the big takeaway from the contest was that "even the most secure software can be compromised by a team of researchers with enough resources." His team took home the most ever won by a Pwn2Own team -- $400,000.

The security vulnerabilities are reported to the software's maker, which can then close that particular barn door. Additionally, software makers watch for others' vulnerabilities, to make sure their products are not similarly susceptible.

Software makers are also reducing the time it takes them to patch reported issues. As recently as 2012, the average time for a security bug fix to be released was 180 days, but now that's been cut by a third to about 120.

Additionally, the number of submitted exploits by research teams this year was a record-setting 16. One team, the Keen Team from China, received $65,000 for successfully breaking into Safari and Flash. Members of that team have committed to donating some of their prize money to a Chinese charity set up for families of passengers on the missing Malaysian Airlines plane.

Google's Pwnium Shows Chromebooks Also Vulnerable

A team from Google, which is co-sponsoring the contest, took down Safari and won $32,500. The contest organizer, Zero-Day Initiative, nabbed Explorer and brought home $50,000. The teams donated their winnings to the Red Cross in Canada.

While many teams successfully reached their targets, a white whale still swims out there in hackerland. A grand prize of $150,000 was offered but not won for a hack appropriately called the Exploit Unicorn. It requires system-level code execution on a Windows 8.1 x 64 machine, in Explorer 11 x 64 and with an Enhanced Mitigation Experience Toolkit bypass.

Google also held its own Pwnium security hackathon in Vancouver on Wednesday, awarding $2.7 million in prizes. The highlight of that competition was a successful exploit of the HP Chromebook 11, which netted a $150,000 prize for well-known researcher George Hotz. He also received $50,000 for one of the Firefox hacks in Pwn2Own.

The technology giant must have had mixed feelings though, since it has been promoting the security of Chromebooks as being "built to be secure from the ground up." In a post on the Google Chrome Developers blog, the company noted that, in the past two years of the Pwnium contest, it has invited hackers to target the Chromebook. And this week, they did just that -- successfully.
 

Tell Us What You Think
Comment:

Name:

Fran M:

Posted: 2014-03-18 @ 7:47am PT
Finally the reporters clarified the language to give the precise meaning to this work ------ researcher!!!! GREAT!!!

Ronen:

Posted: 2014-03-18 @ 12:48am PT
@R Khan - Well said!

R Khan:

Posted: 2014-03-18 @ 12:41am PT
@Jeff Nelson
The reason chrome has been singled out is because of their one liner... "built to be secure from the ground up."

So even if there are 20 exploits in 1 day for other browsers they won't get much attention as they are not saying they are "built to be secure from the ground up."

Jeff Nelson:

Posted: 2014-03-16 @ 12:22pm PT
1 exploit in Chromebook every 3 months or so, vs 3 exploits a day on every other platform...



Get Powerful App Acceleration with Cisco. In a world where time is money, you need to accelerate the speed at which data moves through your data center. Cisco UCS Invicta delivers powerful, easy-to-manage application acceleration for data-intensive workloads. So you can make decisions faster and outpace the competition. Learn More.


 Microsoft/Windows
1.   Can One Size Windows OS Fit All?
2.   Microsoft CEO Sees 'Bold' Plan Ahead
3.   Design Central to Microsoft Future
4.   Lenovo Still in Small Windows Tablets
5.   How Chrome Eats Your Battery Life


advertisement
Microsoft CEO Sees 'Bold' Plan Ahead
With unified Windows for all platforms.
Average Rating:
Design Central to Microsoft Future
New ethos a break from functional past.
Average Rating:
Bing Lets Europeans Be 'Forgotten'
Following in Google's footsteps.
Average Rating:
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Researchers Working To Fix Tor Security Exploit
Developers for the Tor privacy browser are scrambling to fix a bug revealed Monday that researchers say could allow hackers, or government surveillance agencies, to track users online.
 
Wall Street Journal Hacked Again
Hacked again. That’s the story at the Wall Street Journal this week as the newspaper reports that the computer systems housing some of its news graphics were breached. Customers not affected -- yet.
 
Dropbox for Business Beefs Up Security
Dropbox is upping its game for business users. The cloud-based storage and sharing company has rolled out new security, search and other features to boost its appeal for businesses.
 

Enterprise Hardware Spotlight
Microsoft Makes Design Central to Its Future
Over the last four years, Microsoft has doubled the number of designers it employs, putting a priority on fashioning devices that work around people's lives -- and that are attractive and cool.
 
Contrary to Report, Lenovo's Staying in Small Windows Tablets
Device maker Lenovo has clarified a report that indicated it is getting out of the small Windows tablet business -- as in the ThinkPad 8 and the 8-inch Miix 2. But the firm said it is not exiting that market.
 
Seagate Unveils Networked Drives for Small Businesses
Seagate is out with five new networked attached storage products aimed at small businesses. The drives are for companies with up to 50 workers, and range in capacity from two to 20 terabytes.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | CRM Systems | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.