Hack Chrome, Win $20,000

← Back to Stories (view on slashdot.org)

Posted by timothy on Thursday February 3, 2011 @08:16AM from the don't-quit-my-day-job dept.

CWmike writes "Google will pay $20,000 to the first to exploit its Chrome browser at this year's Pwn2Own hacking contest at CanSecWest in Vancouver, BC, on March 9. At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's IE, Mozilla's Firefox, Apple's Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards. 'We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000,' said Aaron Portnoy, the manager of the sponsor, HP TippingPoint's security research team, which set the contest's rules Wednesday in a blog post written by Portnoy."

79 comments

Min score:

Reason:

Sort:

of course not on linux by Anonymous Coward · 2011-02-03 08:18 · Score: 0, Flamebait

That wouldn't be fair.
1. Re:of course not on linux by thetoadwarrior · 2011-02-03 08:26 · Score: 0
  
  I presume it would be easier on Windows anyway so who cares?
2. Re:of course not on linux by hairyfeet · 2011-02-03 08:59 · Score: 1, Insightful
  
  First of all to quote the million pedantics we have here "Linux is a kernel NOT an OS" and second, which fricking one? There are about a bazillion Linux based distros out there, and ANY one they choose will be considered shite by the Linux geeks: Ubuntu? kiddie newb OS according to the guys here.
  And then of course is the elephant in the room: Linux is only used by geeks that actually know enough about an OS to work on it and therefor are more secure simply by having more knowledge and experience. It is like the different between an Air Force flight mechanic and the guy that works on airplanes at the backwoods airport, in that one always lives with a wrench in his hand and is constantly working on different things (just like the Linux geeks I know which try different distros like normal people try on clothes) and the other that knows just enough to be dangerous, like the average Windows or Mac user I have to clean up after.
  But in the end it is companies like Google that care about this, and with them it all comes down to demographics. Linux users are more likely to use Chromium because they actually care (or even know) about privacy issues, and are likely to tweak everything they run. Windows and Mac users run defaults a good 99.995% of the time and THAT is what companies like Google want to find out: Will their defaults make it easy to hack or not. Linux simply brings nothing to this discussion,anymore than letting someone like me go into the Windows machine and set everything up beforehand so it would be less of a target.
  
  --
  ACs don't waste your time replying, your posts are never seen by me.
3. Re:of course not on linux by Anonymous Coward · 2011-02-03 09:09 · Score: 0
  
  Maybe you should compare (1, 2) Chromium's sandboxing implementations before making that statement. It's consistently had a fledgling half-working SUID build, and AppArmor has been basically ignored by the devs. Security on Chromium seems to start on Windows and then work its way down.
Exploits? by Anonymous Coward · 2011-02-03 08:29 · Score: 0

I'm a bit confused by the article. They use so many buzzwords I'm not sure what they're looking for when they say "hack".
1 vulnerability to escape a sandbox, 1 vulnerability to exploit a bug in chrome, but to what end? Hijacking someone's session data?
1. Re:Exploits? by MrEricSir · 2011-02-03 08:33 · Score: 1
  
  Immanentizing the eschaton?
  
  --
  There's no -1 for "I don't get it."
2. Re:Exploits? by 99BottlesOfBeerInMyF · 2011-02-03 08:33 · Score: 1
  
  Pwn2Own has been going on for years. Just Google the competition and the goal required to win a prize is very clearly explained.
3. Re:Exploits? by Suki+I · 2011-02-03 08:40 · Score: 1
  
  I'm a bit confused by the article. They use so many buzzwords I'm not sure what they're looking for when they say "hack".
  1 vulnerability to escape a sandbox, 1 vulnerability to exploit a bug in chrome, but to what end? Hijacking someone's session data?
  Golf may be involved. Perhaps a taxi driver golfing, with a driver.
  
  --
  Home of The Suki Series
4. Re:Exploits? by Stenchwarrior · 2011-02-03 09:07 · Score: 1
  
  They have to hack the browsers from the cloud while using public apps and in a virtual environment, all the while staying well within the green limits set forth by the cyber industry. If they win they get $15,000 and a set of e-nano replicators.
  
  --
  Loading...
5. Re:Exploits? by tehcyder · 2011-02-04 03:02 · Score: 1
  
  That's easy for you to say.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
The machine is a prize? by MrEricSir · 2011-02-03 08:31 · Score: 3, Funny

The list of prizes includes "... the machine running the browser."
Who would be dumb enough to use a computer they won from a hacking contest?

--
There's no -1 for "I don't get it."
1. Re:The machine is a prize? by Rinnon · 2011-02-03 08:36 · Score: 2
  
  That's a kind of silly question. It's not like a door that has been broken open and won't close. They'll probably take it home, install Linux on it, maybe change the MAC address on the NIC, and it's basically a new machine.
2. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 08:36 · Score: 0
  
  People can certainly reformat the PC if they want to and the problem is solved.
3. Re:The machine is a prize? by TaoPhoenix · 2011-02-03 08:37 · Score: 4, Funny
  
  "I'll take Things to do with faulty Sandy Bridge machines for 200 Alex".
  
  --
  My first Journal Entry ever, in 8 years! http://slashdot.org/journal/365947/aphelion-scifi-fantasy-horror-poetry-webzine
4. Re:The machine is a prize? by nzac · 2011-02-03 08:38 · Score: 1
  
  Why?? You would have a rather good understanding of what you just did to the computer so you can fix it.
  Or if you are worried about being traced as a hacker the hard drive would immediately be formatted and os reinstalled and if you are especially paranoid or do illegal hacking change the MAC address.
5. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 08:41 · Score: 0
  
  do illegal hacking change the MAC address.
  It's a contest where people are invited to compete to break into the machine. What is so illegal about it? And change the MAC address? What for?? They are not stealing the machine!! And MAC address is fixed to the motherboard. Might as well change BIOS version - would be same useless effect.
6. Re:The machine is a prize? by MrEricSir · 2011-02-03 08:44 · Score: 2
  
  Not if the hardware was compromised.
  
  --
  There's no -1 for "I don't get it."
7. Re:The machine is a prize? by nzac · 2011-02-03 08:48 · Score: 1
  
  note the if conditional statement >> if(paranoid || illegal hacker)
  if he was he might see the need to do this
  google mac address changer for me. I don’t know the specifics but its not on the motherboard its on network hardware so proof of concept would be to swap out the hardware.
8. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 08:51 · Score: 0
  
  Your comment makes me very sad as to what Slashdot has become...
9. Re:The machine is a prize? by commodore64_love · 2011-02-03 08:52 · Score: 1
  
  I'd take it. I don't mind non-virgin machines.
  random question:
  - I'm running the non-google Chromium right now. Any reason to upgrade to Chrome?
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
10. Re:The machine is a prize? by eviljolly · 2011-02-03 08:53 · Score: 1
  
  From what I understand, the people receiving the machine would be the ones hacking it in the first place. I don't think there would be a problem.
11. Re:The machine is a prize? by wed128 · 2011-02-03 09:06 · Score: 1
  
  you can spoof a mac address in software anyway; the ifconfig ether command for instance.
12. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 09:06 · Score: 0
  
  Not if the hardware was compromised.
  How would the hardware be compromised from a browser exploit?
13. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 09:14 · Score: 0
  
  Do you trash the computer you own every time you run Windows Update or your OS' equivalent? Idiot.
  P.S.: Woosh all you want, it's a shitty joke so I replied anyway just in case.
14. Re:The machine is a prize? by MrEricSir · 2011-02-03 09:19 · Score: 1
  
  Windows Update can't solder a keylogger into my USB subsystem, so even if I used Windows, I wouldn't be too worried about that.
  
  --
  There's no -1 for "I don't get it."
15. Re:The machine is a prize? by nzac · 2011-02-03 09:20 · Score: 1
  
  I know browser hackers are not necessarily quite as skilled as (open)bsd hackers (but have success much more often) but i would think that the effort to make a hardware exploit that is undetectable to a winner would be more effort than its worth (it would have to survive a motherboard inspection and behave like the regular component almost all of the time) when it is likely that most hacking would be done from a desktop.
  Or if you think hacking the browser did the damage i think they win when they can execute some arbitrary code on the other machine (not that damaging unless the excitable was intended to do so)
16. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 09:21 · Score: 0
  
  Code injection, elevation to standard user, elevation to super user, flaw to direct HW access, firmware compromise?
  Man, exploits are getting complex nowadays...
17. Re:The machine is a prize? by MrEricSir · 2011-02-03 09:21 · Score: 1, Insightful
  
  *facepalm*
  
  --
  There's no -1 for "I don't get it."
18. Re:The machine is a prize? by Anonymous Coward · 2011-02-03 09:55 · Score: 0
  
  ... the effort to make a hardware exploit that is undetectable to a winner would be more effort than its worth ...
  au contraire!
  a hardware rootkit on the machine of the contests winner is surely something...
19. Re:The machine is a prize? by allusionist · 2011-02-03 10:46 · Score: 1
  
  Let's start with the fact that as the WINNER of the contest, they were the ones who hacked it before we get into the other absurdities of that statement.
  Oh, and remember that this is only a contest, so they're just trying to get through the security, not actually do anything damaging once they're in.
20. Re:The machine is a prize? by Riceballsan · 2011-02-03 10:51 · Score: 2
  
  That puts it roughly at the same level of safety as any laptop you buy. If the hardware was comprimised, The government, the chip manufacturers, the QC people, the government could be requiring a hidden back door, any number of possible vectors are a higher possibility then some insane uber hacker planting a hardware level attack through a network connection in the plain view of several other hackers, that somehow finds it worth his time to plant a bug intended for the winner, but is not worth his time to just use his knowlege to get $20,000 and win the laptop himself.
21. Re:The machine is a prize? by YoshiDan · 2011-02-03 13:27 · Score: 1
  
  The details of the exploit used in the competition aren't released until after the vendor has released a patch to fix it...
22. Re:The machine is a prize? by dudpixel · 2011-02-03 14:14 · Score: 1
  
  who says you have to connect it to the internet?
  
  --
  This seemed like a reasonable sig at the time.
23. Re:The machine is a prize? by LordLimecat · 2011-02-04 02:58 · Score: 1
  
  Why would you need to change the mac address?
  Its like people think that someone else knowing your NIC's MAC is a security issue; you cant even discover a MAC address once you go through a router.
24. Re:The machine is a prize? by tehcyder · 2011-02-04 03:03 · Score: 1
  
  That's a kind of silly question. It's not like a door that has been broken open and won't close. They'll probably take it home, install Linux on it, maybe change the MAC address on the NIC, and it's basically a new machine.
  They'll install Linux in a door?!
  Now I'm confused too.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
25. Re:The machine is a prize? by tehcyder · 2011-02-04 03:07 · Score: 1
  
  simple, you bring up a DOS prompt and ask the user to type in "format c:"
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Cat and Mouse by Arch_Android · 2011-02-03 08:31 · Score: 1

While I applaud their efforts, the truth of it is that there's always another exploit to fix.
1. Re:Cat and Mouse by Anonymous Coward · 2011-02-03 08:34 · Score: 0
  
  According to TFA, they've been offering a prize at this contest for hacking Chrome since 2009 and no one has yet taken it.
2. Re:Cat and Mouse by samuel.hurley · 2011-02-03 09:24 · Score: 1
  
  Plus, its sort of a bad deal for the contestants, isn't it? Expand many man-hours of effort groping for a prize that probably won't materialize. No one is guaranteed to 'win,' but Google is guaranteed to get lots of free labour! Just a thought before you enter into something like this...
Hack Chrome, Win $20,000 by John+Hasler · 2011-02-03 08:38 · Score: 2

Shouldn't the prize be a free copy of Chrome?
Oh. Wait...

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1. Re:Hack Chrome, Win $20,000 by rainbow9898 · 2011-02-03 19:03 · Score: 1
  
  Thanks for showing up such fabulous information. I have bookmarked you and will remain in line with your new posts. I like this post, keep writing and give informative post...! escort delhi
Slashdot wins by Suki+I · 2011-02-03 08:39 · Score: 1

I presume it would be easier on Windows anyway so who cares?
My Chrome on Win7 looks all funny in the new Slashdot.

--
Home of The Suki Series
Chrome stands tall by Randyll · 2011-02-03 08:49 · Score: 4, Insightful

Chrome has never been hacked, which is not surprising, because the contest requires the contestant to exploit a Chrome bug and escape the sandbox while doing so. This is a far greater challenge than merely exploiting a browser bug that lets you do whatever, because if you find an exploit in Chrome the odds are high you will run into the sandbox and be stopped outright.
1. Re:Chrome stands tall by commodore64_love · 2011-02-03 08:59 · Score: 1
  
  >>>Chrome has never been hacked
  Impressive. Are there any other browsers that can claim that distinction? SeaMonkey? Opera? Amiga Origyn? Mozilla TimberWolf?
  
  --
  "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
2. Re:Chrome stands tall by Anonymous Coward · 2011-02-03 09:01 · Score: 0
  
  It's do-able. I had my version of chrome hacked and loaded with malware before. It was a credential scanner that ran in the cache (I only ever saw it when running chrome), so it didn't escape the sandbox, but it was still a nasty little piece of software.
3. Re:Chrome stands tall by Anonymous Coward · 2011-02-03 09:34 · Score: 2, Informative
  
  Yeah, people sometimes forget about this when talking about sandboxes. The sandbox might prevent malware from escaping to the OS or to another tab process, but it WON'T prevent it from masquerading as the tab session, and snooping on whatever you're doing in that tab. Even if things like form input/submission were moved to the broker, the malware could just rewrite the DOM, since parsing is typically done with least permissions. It's just a short-lived malware infection, existing only in memory.
4. Re:Chrome stands tall by lennier · 2011-02-03 10:05 · Score: 0
  
  Chrome has never been hacked
  Except for the one time when Bobby Quine and Automatic Jack picked up that Russian icebreaker from the Finn, but the whole Sprawl thinks that's just a legend now.
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
5. Re:Chrome stands tall by icebraining · 2011-02-03 10:38 · Score: 1
  
  Not Opera, apparently: https://www.alternativ-testing.fr/blog/index.php?post%2F2011%2F%5BCVE-XXXX-XXXX%5D-Opera-11-Integer-Truncation-Vulnerability
  But in general, plenty, but none with that user base.
  
  --
  Dilbert RSS feed
6. Re:Chrome stands tall by Anonymous Coward · 2011-02-03 10:53 · Score: 0
  
  Chrome had a 140 vulnerabilities reported just last year, so by that metric, you are a troll.
7. Re:Chrome stands tall by icebraining · 2011-02-03 12:10 · Score: 1
  
  And you're an idiot because it was Randyll who said Chrome had never been hacked, not me.
  
  --
  Dilbert RSS feed
8. Re:Chrome stands tall by Anonymous Coward · 2011-02-03 12:44 · Score: 0
  
  Opera is probably the most secure browser around, but I don't know that it hasn't ever been hacked. Still, every past vulnerability for Opera has required a user to do such significant work that there may as well not even be an issue. Opera is also fast to release patches.
9. Re:Chrome stands tall by Anonymous Coward · 2011-02-03 14:01 · Score: 0
  
  Chrome has never been hacked
  interesting theory... maybe you're confusing chrome for a mac. (snicker)
10. Re:Chrome stands tall by Anonymous Coward · 2011-02-05 03:41 · Score: 0
  
  Please stop the trolling, because that's not even remotely how the Chrome sandbox works. The Chrome renderer process can't even read or write to the filesystem directly. So, what you describe is impossible by design. That's not to say damage can't be done from inside the sandbox; it certainly can, but nothing like the story you concocted.
Unhackable eh? by JustAnotherIdiot · 2011-02-03 08:56 · Score: 1

Whenever I see "un" attached to an adjective, I'm inclined to believe it to be false. Unsinkable ship my foot.

--
What do I know, I'm just an idiot, right?
1. Re:Unhackable eh? by Sigma+7 · 2011-02-03 09:09 · Score: 1
  
  Whenever I see "un" attached to an adjective, I'm inclined to believe it to be false.
  Even unstable?
  (Affected players did have a workaround, but it wasn't on the official support pages.)
Good to hear by amn108 · 2011-02-03 09:03 · Score: 1, Interesting

It's good to hear that we finally can link the pwnage and the ownage together. It's only fair, after all (ref. owning the machine you just pwned)
Nice prizes, wrong ideas by Anonymous Coward · 2011-02-03 09:10 · Score: 0

Writing browser specific attacks is going about it the wrong way. Sure, you might come up with a vector that works for N% of the current browsing population, but you will score a higher percentage of that population if you target a plugin they are all likely going to have installed without knowing, such as PDF, Flash, or Java. Once you hit those plugins, it is very likely you've already escaped the sandbox and can now perform a more traditional attack on the machine itself.
1. Re:Nice prizes, wrong ideas by Anonymous Coward · 2011-02-03 10:21 · Score: 0
  
  Unfortunately for Flash, you now have (I think) two variants: IE/Mozilla and Chrome's. Chrome's Flash build uses its own native sandboxing architecture. IE's should have been the same. Microsoft probably fucked that one up by not working with Adobe (not that anyone should need to babysit Adobe...).
  Same story for PDF, almost. Chrome has a Google-built, proprietary, sandboxed PDF plugin. And anyway, the first thing I do on any machine when deciding to install Acrobat, is to disable Adobe's crappy PDF plugin: that shit doesn't ever need to run inside the browser.
2. Re:Nice prizes, wrong ideas by Anonymous Coward · 2011-02-03 10:26 · Score: 0
  
  And I forgot one more thing. In Chrome:
  about:flags > Click to play: enable
  Options -> Under the Hood -> Content settings... -> Plug-ins: Click to play
  Learn to love it.
  Not to imply exploit authors should be concerned about this. They shouldn't. The average user will never do the above. But IMO it's inevitable that browsers will make this the default choice for plugins someday.
Microsoft Copied... HA! by kellyb9 · 2011-02-03 09:15 · Score: 2

I hacked it to make Bing come up with the same results as Google... Please send me a check or a money order.
Or.... by Anonymous Coward · 2011-02-03 09:50 · Score: 0

Hack Chrome. Keep quiet about it. Sell it to criminals for a lot more.
Why go to a contest? by Anonymous Coward · 2011-02-03 09:51 · Score: 0

If I'm good enough to exploit a browser, then I can surely find more profitable ways than a mere 20,000 dollars.
Especially when you consider the taxes. Sure, I might have to do ILLEGAL things to make money, but for some people the reward would trump the risk of being caught.
1. Re:Why go to a contest? by perryizgr8 · 2011-02-04 00:34 · Score: 1
  
  for me, risk-reward logic gets skewed if i have to do something that i consider wrong( whatever that means). even if presented with great rewards and low risk i might choose not to do something if i find it immoral.
  i expect the majority of people to think likewise.
  
  --
  Wealth is the gift that keeps on giving.
So how does this all work? by origin2k · 2011-02-03 09:55 · Score: 1

I'm curious, how does this contest work? You sign up for a 30 minute spot. Do they allow the security researcher to sit at the system to compromise and operate it or does the security researcher direct a user to visit some url with a potential exploit? Part of the contest is to exploit the browser so I am guessing that the browser needs someone operating it and fetching well crafted html etc. from some where.
The phone stuff looks interesting as they are looking for drive by exploits as well as browser exploits.
1. Re:So how does this all work? by Anonymous Coward · 2011-02-03 10:36 · Score: 0
  
  http://tinyurl.com/6h8qmk5
2. Re:So how does this all work? by kent_eh · 2011-02-03 15:27 · Score: 1
  
  No, the attacks come over the network (in the case of the wireless devices, over the air).
  
  There's pretty much no challenge attacking a system you have physical access to.
  
  --
  
  ---
  "I can't complain, but sometimes still do..." Joe Walsh
sure win? by Have+Brain+Will+Rent · 2011-02-03 09:57 · Score: 1

The rules aren't clear... can I use a gun?

--
The tyrant will always find a pretext for his tyranny - Aesop
1. Re:sure win? by thehodapp · 2011-02-03 15:39 · Score: 1
  
  No, but knives less than 5 inches and certain hatchets are allowed for the hacking part.
Don't trust Chrome with more than $20k by fizzup · 2011-02-03 12:02 · Score: 2

What I get from this is that Google is so certain of Chrome's security, they're willing to trust $20k on that security. The lesson you can take from this is not to do anything with the Chrome browser that would put you at risk of losing more than $20k. After all, the authors won't risk more than that. Of course, other authors are even less certain of their browser's security...
1. Re:Don't trust Chrome with more than $20k by Anonymous Coward · 2011-02-03 12:18 · Score: 0
  
  Actually, I think Google is perhaps most convinced of its insecurity. This isn't for bragging rights; if (when) some serious flaw is found in Chromium, no one will be saying to Google, "aren't you embarrassed now?" Incentives like this simply encourages relatively unknown hackers who before had scant motivation to temporarily work for Google (most of it for free... although I doubt that was an inspiration).
2. Re:Don't trust Chrome with more than $20k by Anonymous Coward · 2011-02-03 13:00 · Score: 0
  
  I believe you're using the term risk in the wrong context here. Google isn't risking anything. The browser is in the wild already, the code is as free as it could ever potentially be. What they are doing is challenging anyone and everyone to hack it. As incentive for someone to complete that challenge, they're willing to give someone free money. From the perspective of and end user, they're willing to give away $20,000 to improve their my security and experience while I use their browser. Take off your tin-foil hat and exit in an orderly fashion.
3. Re:Don't trust Chrome with more than $20k by Anonymous Coward · 2011-02-04 02:35 · Score: 0
  
  I highly doubt that the coders are the ones deciding how much money is involved.
but no Linux? by thehodapp · 2011-02-03 15:33 · Score: 1

Why no love for Linux? I personally think it would be much more interesting to see if they could hack Chrome (or Firefox) on a Linux based OS (like Ubuntu). Although I suspect it would actually be easier because less testing is done on those platforms (or at least less development).
1. Re:but no Linux? by Anonymous Coward · 2011-02-04 00:28 · Score: 0
  
  The reason Linux is absent is that its hard to hack. Hacking Linux through Chromes sandbox is even harder.
Waste of time and money by cheros · 2011-02-03 20:19 · Score: 1

This is pure marketing. If they want to prove to me it's secure, ask for a public code review and reward those who find clear problems, and compile from that reworked code.
A "pass" from a hacking contest only shows that at a specific point in time, a specific set of people with specific skills were either unable to break a specific version of the software or unwilling to tell the organisers what they found so they could exploit that later for much more profit.
Any occurrence of the word "specific" indicates a variable that will invalidate the result of that contest - pass or fail.
But hey, it looks good in the press, I guess..

--
Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
1. Re:Waste of time and money by n0-0p · 2011-02-05 05:07 · Score: 1
  
  This is pure marketing. If they want to prove to me it's secure, ask for a public code review and reward those who find clear problems, and compile from that reworked code.
  The codebase (minus PDF, Flash, and branding) is open source. Google pays out anywhere from $500 to $3113.70 to anyone who reports Chrome/Chromium security vulnerabilities to them. And if you look at the release notes on Chrome and Safari it's obvious that Google has a full-time team searching for and fixing security issues in both Chrome and WebKit. I'm not sure what else you want them to do, because they're already going well beyond anything you suggested.
2. Re:Waste of time and money by cheros · 2011-02-06 19:19 · Score: 1
  
  Maybe stop marketing gimmicks? There are two direct problems with what they do here:
  1 - it gives others the impression that hack contests are the way to assure security. This is the same as corporate execs relying on audit to assure the security of an IT platform instead of making sure they have solid fundamentals in place so that no retro-fitting is required.
  2 - it takes away the focus from the fact that they do indeed do the preparing work as well. They could make more work of the whole process instead of just focusing on the result with this stunt. It propagates an approach that is, frankly, not the best thing to promote if you want people to think about security.
  
  --
  Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
Not enough cash by dugeen · 2011-02-03 22:11 · Score: 1

They'd have to pay me USD 20,000 just to get me to *use* Chrome again, never mind hack it. Software that secretly creates 3 separate scheduled tasks to reinstall its update program if it's deleted is indistinguishable from malware.