Logo Google Chrome
Sains & Teknologi
Hacker Ditantang Jebol Google Chrome
Google siap membayar Anda US$20.000 jika berhasil meretas browser Chrome pertama.
Jum'at, 4 Februari 2011, 14:05 WIB
Muhammad Chandrataruna
Logo Google Chrome
BERITA TERKAIT
* Google Siapkan Netbook Berplatform Chrome
* Temukan Bug di Chrome Berhadiah Rp 28 Juta
* Google Resmikan Browser untuk Apple Mac OS
* Saingi Apple, Google Rilis Kios Aplikasi
* Google Chrome Baru, 30% Lebih Cepat
VIVAnews - Anda seorang peretas (hacker)? Jika ya, Google menantang Anda untuk meretas browsernya, Google Chrome. Tak tanggung-tanggung, raksasa perusahaan Internet asal Mountain View itu menyiapkan hadiah senilai US$20.000 atau kurang lebih Rp180,1 juta.
Upaya pencarian peretas itu akan ditempuh melalui kontes hacking Pwn2Own. Kontes yang akan diselenggarakan ke lima kalinya itu digelar di sela konferensi keamanan CanSecWest di Vancouver, British Columbia - Kanada, 9 Maret mendatang.
Dalam kontes tahunan itu, penghargaan sebesar US$20.000 menjadi hadiah terbesar di dalam sejarah kontes. Peserta ditantang untuk "mengobrak-abrik" keamanan Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, dan Chrome.
Mesin yang digunakan juga dibebaskan. Peserta boleh memilih komputer berbasis Windows 7 atau Mac OS X untuk menaklukkan pertahanan keempat browser raksasa itu.
Peserta pertama yang dapat meretas IE, Firefox, dan Safari akan langsung menerima US$15.000 lengkap dengan komputer yang dipakainya, entah itu berbasis Windows atau Mac OS.
Nilai hadiah ini lebih mahal US$5.000 dibandingkan kontes Pwn2Own tahun sebelumnya, bahkan 3 kali lipat lebih besar dibandingkan kontes Pwn2Own tahun 2009.
"Kami telah menaikkan nilai penghargaan untuk kontes ini supaya lebih menarik. Tahun ini, secara total alokasi dana untuk hadiah mencapai US$125.000 (setara Rp1,1 miliar)," kata Aaron Portnoy, manager tim riset keamanan HP TippingPoint, yang dikutip dari ComputerWorld.com, Jumat 4 Februari 2011.
Announcing Pwn2Own 2011
* By Aaron Portnoy
* Wed 02 Feb 2011 15:57pm
* 25409 Views
* 1 Comments
* Link
It's that time of year again and the Zero Day Initiative (ZDI) team here at HP TippingPoint is proud to announce the 5th annual Pwn2Own competition is back. We have some exciting additions this year including the first ever vendor sponsorship, new attack surfaces, and even more prizes for competitors. If you're unfamiliar with the contest you can take a look at the archived blog posts from 2008, 2009, and 2010.
Last year the contest was a great success, with three of the four browsers successfully compromised as well as the Apple iPhone. As you may all be aware, after Peter Vreugdenhil demonstrated his IE8 hack last year, we relocated him from the Netherlands to join our team. This year Peter will be participating officially as a Pwn2Own judge.
As mentioned previously, we've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000 USD. While HP TippingPoint is funding $105,000 of that, we've partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser. Kudos to the Google security team for taking the initiative to approach us on this; we're always in favor of rewarding security researchers for the work they too-often do for free.
Overview
Similarly to last year the competition will focus on two main technologies: web browsers and mobile devices. Staying true to the original intent of the Pwn2Own contest we intend to empirically demonstrate the current security posture of the most prevalent products in use today.
Following the Contest
The contest will be taking place on the 9th, 10th, and 11th of March, 2011 in Vancouver, BC during the CanSecWest conference. This blog post will be updated as the contest plays out, but for real-time updates you can follow either @thezdi or myself on twitter or search for the hashtag #pwn2own.
Please direct all press inquiries for HP TippingPoint/ZDI to: Jacinda Mein
Registration
This year we are opening pre-registration effective immediately. If you are interested in competing please send an e-mail to zdi@tippingpoint.com with the following information:
* Name
* Intended Target
* Any requirements you may need (network connection, static IP addresses, ...)
Pre-registration will close in 2 weeks on the 15th of February at which point a random drawing will occur to determine the order in which competitors can make their attempt. We will also allow competitors to sign up on-site, although they will be allotted a time slot after any pre-registered individuals.
Each contestant will have a 30-minute time slot in which to complete their attempt (not counting time to set up possible network or device pre-requisites).
Target: Web Browsers
This year the web browser targets will be the latest release candidate (at the time of the contest) of the following products:
* Microsoft Internet Explorer
* Apple Safari
* Mozilla Firefox
* Google Chrome
Each browser will be installed on a 64-bit system running the latest version of either OS X or Windows 7.
The laptop prizes include:
* Sony Vaio running Windows 7
* Alienware m11x running Windows 7
* Apple MacBook Air 13" running Mac OS X Snow Leopard
* Google CR-48 running ChromeOS (no attacks against this device, it is merely a prize. The Chrome target will be running on the other laptops)
A successful hack of IE, Safari, or Firefox will net the competitor a $15,000 USD cash prize, the laptop itself, and 20,000 ZDI reward points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas.
As for Chrome, the contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.
Target: Mobile Phones
This year we are excited to announce we have increased the attack surface eligible for a successful hack against the mobile phone targets. We will have a base station on-site so that competitors will be able to perform attacks against the cell phone basebands. Due to the sensitive nature of the vulnerabilities we expect and the fact that an attack would require the exploit to be transmitted over RF, we will have this nifty RF enclosure on hand for testing:
This device has a built-in video recording feature and we plan on publishing the feed after the contest has ended.
The following are the target mobile devices for the contest:
* Dell Venue Pro running Windows 7
* iPhone 4 running iOS
* Blackberry Torch 9800 running Blackberry 6 OS
* Nexus S running Android
A successful attack against these devices must require little to no user interaction and must compromise useful data from the phone. Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope.
A successful compromise of any of these targets will win the contestant a cash prize of $15,000 USD, the device itself, and 20,000 ZDI reward points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas.
Time Slots
Once pre-registration is over we will post the time slots allotted for the various competitors here.
Competition Results
Stay tuned to this blog entry as we will be updating this section with winners as they (presumably) succeed.
Tags:
Published On: 2011-02-02 15:57:08
Comments post a comment
1.
Anonymous commented on 2011-02-04 @ 15:45
Could you please include Opera next time or add it for this contest real quick. It'd be good to attack an engine that is rarely touched.
Post A Comment
Fields marked with * are required. All HTML tags will be filtered out.
Name*
Email*
Url
Comments*
Anti Spam Please type "NOTSPAM" in the box below to prove that you are not a bot.
Links To This Post
1.
Hackerwettbewerb: Google zahlt 20.000 Dollar f�r Chrome-Sandbox-Exploit - Security | News | ZDNet.de
linked on 2011-02-03 @ 04:11 Show Comment
TippingPoint hat den Hackerwettbewerb Pwn2Own 2011 angek�ndigt, der vom 9. bis 11. M�rz im kanadischen Vancouver stattfinden wird. Zu den Sponsoren z�hlt in diesem Jahr Google. Das Unternehmen stellt ein Preisgeld von 20.000 Dollar zu Verf�gung, das derjenige erh�lt, der einen Exploit in Chrome findet und die Kontrolle �ber ein Cr-48-Chrome-Netbook �bernehmen kann.
2.
Pwn2Own 2011: Google offering $20,000 for Chrome sandbox exploit | ZDNet
linked on 2011-02-02 @ 17:06 Show Comment
Kernel bugs and plugins other than the built-in PDF support are all out of scope for Chrome, TippingPoint ZDI said.
3.
Pwn2Own 2011: Google offering $20,000 for Chrome sandbox exploit | ZDNet
linked on 2011-02-02 @ 17:06 Show Comment
Kernel bugs and plugins other than the built-in PDF support are all out of scope for Chrome, TippingPoint ZDI said.
4.
Hack Chrome And Get A CR48 Notebook and $20000 In Prize | Chrome Story
linked on 2011-02-03 @ 04:31 Show Comment
Cr48 is not a target in this competition. Hackers will have to break chrome browser on windows 7 machines to win and CR48 notebook is only a part of the prize. Here is the highlight from the blogpost. Google CR-48 running ChromeOS (no attacks against this device, it is merely a prize. The Chrome target will be running on the other laptops) As for Chrome, the contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant ...
5.
Batalla de seguridad de navegadores en CanSecWest, concurso Pwn2Own | MuySeguridad
linked on 2011-02-03 @ 04:41 Show Comment
Para la fecha en la que se llevará a cabo, es muy probable que las versiones de los navegadores sean IE9 RC, Chrome 10, Firefox 4.0. Los portátiles que serán objetivo de los ataques será un Sony Vaio con Windows 7, Alienware m11x con Windows 7, MacBook Air con Mac OS X Snow Leopard, y Google CR-48 con Chrome OS -sólo como regalo-.
6.
Google bets $20K that Chrome can't be hacked Tech Blogged | Tech Blogged
linked on 2011-02-03 @ 06:56 Show Comment
TippingPoint, which is again sponsoring Pwn2Own, set the contest’s rules Wednesday in a blog post written by Portnoy.
7.
Nexus S to take on hackers at Pwn2Own 2011 contest | The Android Site
linked on 2011-02-03 @ 07:10 Show Comment
For full details go visit the DV Labs blog. Related Posts:Android Joining This Year’s Pwn2Own ContestNexus One and Nexus S getting OTA updates now, fixes SMS bugAndroid ported to the Chrome OS CR-48 notebook
8.
Google paga US$ 20 mil a quem conseguir hackear o Chrome
linked on 2011-02-03 @ 07:26 Show Comment
A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.
9.
Pwn2Own 2011: Extra prize for Chrome hack
linked on 2011-02-03 @ 07:31 Show Comment
... managed to inject and execute code via a vulnerability. The most recent similar hole in Chrome was closed in mid-January � the developer who discovered it received $3133.7 for his find. Organised by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, the Pwn2Own 2011 contest offers a further $105,000 for security holes found in Internet Explorer, Safari and Firefox, as well as in Windows Phone 7, iOS, Blackberry 6 and Android, that allow malicious code to be injected and executed. Holes in Symbian have been dropped from the program this year. For the first time, contestants have also been invited to attack potential firmware holes in wireless modules. Often called "baseband", this hardware includes such components as GSM and UMTS transmitters and receivers, as well as modulators and demodulators, and is implemented via a special processor. The attacks are to reveal holes in the relevant firmware, for instance in the GSM stack. At the recent Black Hat conference, Ralf-Philipp Weinmann already demonstrated how to use specially crafted GSM packets to inject code into the baseband processor and execute it there � independently of the smartphone operating system in use on the device. ...
10.
Google Puts $20,000 Bounty On Chrome In Hacking Contest « SaaS Newswire
linked on 2011-02-03 @ 07:37 Show Comment
At the Pwn2Own contest next month, Google will offer $20,000 to the first security researcher who can gain full control of a laptop running its Chrome Browser, a task that requires defeating the software’s sandbox protections, measures designed to isolate an attack within the browser and prevent it from accessing the ...
11.
Google paga US$ 20 mil a quem conseguir hackear o Chrome | Variedades
linked on 2011-02-03 @ 07:40 Show Comment
A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.
12.
Google Offers $20,000 and a Laptop for a Chrome Hack | TheNewAdmin
linked on 2011-02-03 @ 10:27 Show Comment
Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.
13.
Google Offers $20K To Anyone Who Can Hack Google Chrome - Techland - TIME.com
linked on 2011-02-03 @ 11:08 Show Comment
The hacks will have to be made to Chrome Web browser's running on the latest 64-bit release of either Windows 7 or Mac OS X. Contest rules state that the hack must “must include a sandbox escape,” which means whatever the hack weakens may be combined with another security flaw that must be written in Google code to cause the whole system to crumble. (Chrome supposedly has built-in sandbox protection. According to PC World, ...
14.
Think you can hack Chrome? Google has $20K with your name on it! | ZDNet
linked on 2011-02-03 @ 08:14 Show Comment
Here are the details: As mentioned previously, we’ve upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000 USD. While HP TippingPoint is funding $105,000 of that, we’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser. Kudos to the Google security team for taking the initiative to approach us on this; we’re always in favor of rewarding security researchers for the work they too-often do for free.
15.
Win $20K if You can Hack Chrome! | Pwnday 2011 | Webscopia
linked on 2011-02-03 @ 10:21 Show Comment
Portnoy announced the rules of this years Pwnday in a blog post. The main aim behind this day is to help manufacturers find vulnerabilities in their software and programming. Hacking Chrome is more difficult than it sounds. Chrome’s sandbox quality makes it a more arduous process than usual. Sandbox is an anti exploit defense that makes it nearly impossible ...
16.
Google offers $20,000 for successful Cr-48 Chrome OS hack at Pwn2Own 2011 | Daily World Events
linked on 2011-02-03 @ 09:07 Show Comment
Google isn’t just bringing the Chrome Browser to Pwn2Own 2011 — this time, it’s also bringing its own hardware. The Cr-48 Chrome OS laptop will be on hand for the browser exploiting hullabaloo, and Google is offering $20,000 for a successful exploit. According to the event’s organizer, the attacker will also need to escape Chrome’s sandbox. At last year’s event, prominent researcher Charlie Miller said that’s no easy task, so we’re very curious to see whether someone will succeed this time around.
17.
Google Tempts Hackers With $20,000 Prize| Rodney Payne
linked on 2011-02-03 @ 10:31 Show Comment
Aaron Portnoy, Manager of the Security Research Team at TippingPoint Technologies (which is behind the event), explained in an official blog post, "[W]e’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser."
18.
Information Technology Leader - Google Serves Up $20,000 Chrome Exploit Challenge
linked on 2011-02-03 @ 10:16 Show Comment
In the grand scheme of things, relatively few people ever claim $20,000 for a day’s worth of work. You can be one of them, provided you put your hacker hat on and attend the Pwn2Own contest next month. Google’s challenge is this: Be the first to “pop [the Cr-48's Chrome] browser and escape the sandbox using vulnerabilities purely present in Google-written code” and the bounty, as well as the laptop, are both yours to keep, TippingPoint said in a blog post.
19.
Компания Google намерена выплатить 20 тыс. долларов за взлом браузера Chrome | AllUNIX.ru – Всероссийский портал о UNIX-системах
linked on 2011-02-03 @ 10:21 Show Comment
В преддверии мартовской конференции Pwn2Own, на которой состоится традиционное соревнование по взлому популярных web-браузеров, компания Google учредила специальный приз в размере 20 тыс. долларов, который будет вручен любому участнику, продемонстрировавшему способ эксплуатации системы через взлом web-браузера Chrome. Общий призовой фонд конкурса в этом году составит 125 тыс. долларов.
20.
Notícia: Google paga US$ 20 mil a quem conseguir hackear o Chrome | Notícias
linked on 2011-02-03 @ 09:16 Show Comment
A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.
21.
Google Puts $20,000 Bounty On Chrome In Hacking Contest - Andy Greenberg - The Firewall - Forbes
linked on 2011-02-03 @ 09:20 Show Comment
At the Pwn2Own contest next month, Google will offer $20,000 to the first security researcher who can gain full control of a laptop running its Chrome Browser, a task that requires defeating the software’s sandbox protections, measures designed to isolate an attack within the browser and prevent it from accessing the ...
22.
Google Ups The Ante At Pwn2Own 2011 Offers $20k For Chrome Hack | Geek News
linked on 2011-02-03 @ 10:26 Show Comment
... Hack Google reportedly raised the stakes for this years Pwn2Own hacking contest, offering up an additional $20,000 for anyone that successfully hacks into Google Chrome. Organized by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, the 5th annual Pwn2Own 2011 contest pits security teams against some of your favors operating systems equipped with the webs best browsers as well as some of our favorite smartphones. This year the contest will offer up to $125,000 in prizes ($105k plus Google's bonus) for the teams that find and exploit security holes in Internet Explorer, Safari and Firefox, as well as in Windows Phone 7, iOS, Blackberry 6 and Android. To walk off with Google's $20,000 the researchers must ...
23.
Google Gambles $20k that Chrome Can’t be Cracked « facedone
linked on 2011-02-03 @ 09:51 Show Comment
According to posted details about the Pwn2Own contest, a successful attack against Chrome will be measured over a few days. “On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.”
24.
Computer Troopers » Google Offers $20,000 and a Laptop for a Chrome Hack
linked on 2011-02-03 @ 10:42 Show Comment
Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.
25.
Google gambles $20000 that Chrome can’t be hacked | MyGeist
linked on 2011-02-03 @ 10:34 Show Comment
This is the first time any browser maker has added prize money and the first time Google has participated, according to TippingPoint, which is sponsoring the event. A total of $125,000 in prizes will be given to those who successfully hack varying browsers and mobile devices. Cracking Internet Explorer, Safari, or Firefox will net successful hackers $15,000. Prizes for cracking Windows Phone 7, iPhone 4, BlackBerry 6 OS, or Android will also win exploiters $15,000 plus a device running the operating system.
26.
Planet Android » Blog Archive » Nexus S to take on hackers at Pwn2Own 2011 contest
linked on 2011-02-03 @ 10:46 Show Comment
For full details go visit the DV Labs blog.
27.
Google looft prijs uit voor Pwn2Own-hack Chrome » Clippy.be
linked on 2011-02-03 @ 11:32 Show Comment
Googles actie is onderdeel van de browsercompetitie. Bij de browsers zijn dit jaar ook Internet Explorer, Safari en Firefox onder de slachtoffers. Iedere browser wordt geïnstalleerd op een 64bit-versie van OS X of Windows 7. Een succesvolle hack levert een deelnemer in ieder geval 15.000 dollar op, de laptop waarop hij zijn poging deed en 20.000 ZDI-punten. Deze punten horen bij het Zero Day Initiative, een onderdeel van TippingPoint. Iedere deelnemer krijgt dertig minuten toegewezen.
28.
Google offers $20,000 prize to hack Chrome at security conference | MyCE – My Consumer Electronics
linked on 2011-02-03 @ 12:03 Show Comment
Aaron Portnoy, who manages TippingPoint Technologies’ Security Research Team and helped develop the Pwn2Own contest, blogged about the upcoming contest and explained the special rules for exploiting Chrome:
29.
Link - Estadao.com.br
linked on 2011-02-03 @ 12:04 Show Comment
O Pwn2Own acontece anualmente no Canadá e tem patrocínio da Tipping Point — que é quem define as regras da competição, já anunciadas.
30.
Hazte hacker de Google y gana 20000 dolares | La Idea Feliz
linked on 2011-02-03 @ 12:51 Show Comment
Por primera vez, el concurso canadienses de hackers Pwn2Own tiene una empresa privada que ofrece una recompensa por el éxito de un experimento. Google ha prometido 20.000 dólares a quien consiga atacar con éxito el navegador Chrome.
31.
Google Offers $20,000 and a Laptop for a Chrome Hack « cybersaviours
linked on 2011-02-03 @ 13:32 Show Comment
Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.
32.
Google offers $20,000 for Chrome hack
linked on 2011-02-03 @ 14:05 Show Comment
Tidak ada komentar:
Posting Komentar