Slashdot Mirror


Google Pledges Pi Million Dollars In Pwnium 3 Prizes

chicksdaddy writes "Google cemented its reputation as the squarest company around Monday (pun intended), offering prizes totaling Pi Million Dollars — that's right: $3.14159 million greenbacks — in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia. Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise that delivers 'device persistence' delivered via a web page, the company announced on the Chromium blog. 'We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,' wrote Chris Evans of Google's Security Team."

42 of 60 comments

  1. Needs to go to the cents... by sconeu · · Score: 4, Insightful

    $3,141,592.65 whould be better.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    1. Re:Needs to go to the cents... by Obfuscant · · Score: 1

      I'd settle for e million.

    2. Re:Needs to go to the cents... by Anonymous Coward · · Score: 1

      $3,141,592.65 whould be better.

      Dude, why are you putting so much emphasis on the h?

  2. Square? by stewsters · · Score: 1

    Squarest? -1 troll? I would have gone well rounded.

  3. Cost of business by girlintraining · · Score: 3, Interesting

    For exploits like that, the black market still pays somewhat better than Google is. All I'm saying is, if I were sitting on a Chrome exploit that allowed remote code execution, I wouldn't sell it for a measly $150 grand. That's worth a couple million, easy.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Cost of business by kwerle · · Score: 2

      I'll bite:
      Where? Who is paying that kind of money?

    2. Re:Cost of business by bobthesungeek76036 · · Score: 1

      And you would have to pay taxes on the $150K...

      --
      Karma: Bad
    3. Re:Cost of business by SomePgmr · · Score: 1

      http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/

      Chrome: $80-200k

      Of course, one is legal and legit and the other is pretty evil. So for some people I imagine it's the only real option.

    4. Re:Cost of business by SomePgmr · · Score: 1

      I really should have said, I don't know that there's anything illegal about selling an exploit to your own government, even if it's through a broker (as is the case in the article).

      But comparatively evil? I would say so. I think I'd rather get paid pretty well and just have Google fix the software for everyone.

      Such activities are out of my league anyway, though.

    5. Re:Cost of business by girlintraining · · Score: 3, Insightful

      Chrome: $80-200k

      Keep in mind, that's the sale price; it does not mean you get it exclusively. You can sell it to multiple parties, unlike Google.

      --
      #fuckbeta #iamslashdot #dicemustdie
    6. Re:Cost of business by RedHackTea · · Score: 1

      Eh, I'd rather take the money legally.

      How will you make the swap between money and code? You'll have to make 100% sure that the buyer is not an undercover FBI agent. If he's not, then you'll have to make 100% sure that you can trust the middleman so that you don't get gutted like a pig (buyer pays middleman half of what he would pay you for this). If the buyer and middleman check out, then you'll have to have a mechanism/person to verify the money. If all of that checks out, you'll never be able to put that money in the bank. You'll have to keep it under your mattress or move to another country.

      So if you already have money (to buy the "verifiers" and bodyguards) and "good" connections and you no longer wish to see your friends/family (and don't mind looking over your shoulder for "black helicopters" for the rest of your life), then you're fine. Wait a second... Code Monkeys are generally loners/outcasts... have a decent paying job... and are always paranoid anyway...

      See you guys later!

      --
      The G
    7. Re:Cost of business by cheater512 · · Score: 1

      Who says you can't 'sell' it to Google too? They don't need to know it was you who sold it to botnet makers.

    8. Re:Cost of business by DrEldarion · · Score: 1

      It's not just about the money. You get:

      1) Assurance that you'll actually get paid instead of completely ripped off.
      2) Assurance that you won't be found out and brought up on legal charges.
      3) The publicity that comes with Google publishing your name as someone who's better than they are at finding vulnerabilities.
      4) The money.

    9. Re:Cost of business by bobthesungeek76036 · · Score: 1

      Maybe you should read the article:

      "...Each price assumes an exclusive sale, the most modern version of the software, and, of course, not alerting the software’s vendor..."

      --
      Karma: Bad
    10. Re:Cost of business by DragonWriter · · Score: 1

      For exploits like that, the black market still pays somewhat better than Google is.

      Yes, but if you get caught, you can lose anything you got paid (as the profits of crime) plus go to jail.

      Whereas if you sell to Google, you get money, publicity that you can use openly outside of the black market world, and you don't have to worry about going to jail for it.

      Also, some people have moral codes which would discourage selling exploits on the black market, but not seeking rewards through something like Pwnium.

    11. Re:Cost of business by girlintraining · · Score: 1

      Maybe you should read the article:

      Oh, I read it. I also saw a rather large blinking red arrow over the word "Assumed" that comes from real world experience with such things, unlike the journalist. Expecting a criminal to keep up his end of the bargain when there's potentially millions to be made selling to multiple parties is like expecting a terrorist to care his car bomb is taking up TWO parking spaces.

      --
      #fuckbeta #iamslashdot #dicemustdie
    12. Re:Cost of business by webmistressrachel · · Score: 1

      I'm quite sure that any terrorist is likely to ensure that he takes great care over how his car bomb is parked, right down to the number of spaces.

      First, he wants to ensure that bomb damages the target, and even more importantly the bomb has to go off.

      Do you think somebody handbraking untidily across car parking spaces and jumping out in the way you imply isn't going to arouse suspicion? Obviously, he's unlikely to want to be caught, too; your analogy simply isn't working. Also, a lot of 'criminals' want to "go straight" and Google is offering them a perfect opportunity here.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
    13. Re:Cost of business by jopsen · · Score: 1

      It's not just about the money. You get:

      1) Assurance that you'll actually get paid instead of completely ripped off.
      2) Assurance that you won't be found out and brought up on legal charges.
      3) The publicity that comes with Google publishing your name as someone who's better than they are at finding vulnerabilities.
      4) The money.

      5) The ability to sleep at night.

      (Having a clear conscience isn't worthless; after all, money is only money)

    14. Re:Cost of business by girlintraining · · Score: 1

      Do you think somebody handbraking untidily across car parking spaces and jumping out in the way you imply isn't going to arouse suspicion?

      In many locales, parking a car correctly and legally is out of the ordinary. Also... they tend to blow them up as soon as they're out of range... so I don't think anyone's going to call the bomb squad because someone double-parked... at least not before the boom.

      --
      #fuckbeta #iamslashdot #dicemustdie
    15. Re:Cost of business by RivenAleem · · Score: 1

      Isn't that what separates criminals from the rest of us? I know that I could earn more money doing illegal activities than where I work right now.

    16. Re:Cost of business by webmistressrachel · · Score: 1

      "In many locales, parking a car correctly and legally is out of the ordinary"

      I'm not sure how many high-profile terrorist targets there are where parking properly would be out of the ordinary - but I'm pretty sure there's not many. Dump your van near our big mall in Manchester and you'd have people onto you fairly quickly. Through a combination of pedestrianisation and planned parking, the risk to the mall is greatly reduced. Can your town say this? Maybe if it's "out of the ordinary" to park normally near where you live, you need to look at your local planning and "safety by design, not force" policies.

      --
      This tagline was transcoded to result in at least one smirk. If you experience failure to smirk, please consult your Gen
  4. Pi Million Dollars? by Anonymous Coward · · Score: 5, Funny

    That just ain't rational.

    1. Re:Pi Million Dollars? by steelfood · · Score: 3, Informative

      At least it's real.

      --
      "If a nation expects to be ignorant and free in a state of civilization, it expects what never was and never will be."
    2. Re:Pi Million Dollars? by Anonymous Coward · · Score: 1

      It's like, transcendental, man.

  5. They're going to have a problem with that. by EmagGeek · · Score: 1, Funny

    pi * 10E6 != 3141592.65

  6. Rounding by tanujt · · Score: 1

    The bank is going to round that pi up.

    It'll be more like a pie.

  7. Cheapskates by bistromath007 · · Score: 1

    Are you telling me Google can't afford tau million dollars?

    1. Re:Cheapskates by Nemyst · · Score: 1

      Google were never really into taoism, but they sure like pie.

  8. I'd like a slice of that Pi, please. by plalonde2 · · Score: 2

    But if they were really trying to be correct they'd have made the price Tau dollars.

  9. Re:mis-misread that headline by YurB · · Score: 1

    Same here.

  10. The Tau of Pi by aNonnyMouseCowered · · Score: 2

    We settle for Pi when you can have Tau?

    http://tauday.com/

    1. Re:The Tau of Pi by chronokitsune3233 · · Score: 1

      I was just about to mention this. :-)

      Tau > Pi

      --
      I have been a captive in America my entire life. Everybody and everything uses customary units instead of metric.
  11. Cracking, not hacking by YurB · · Score: 2

    This is a cracking contest: the goal is to break stuff. If the goal was to write a new compiler or OS, then I would call it hacking. Yep, only geeks use that word that way, but isn't Slashdot a geeky site? I believe it's a good idea to promote the distinction between hacking and cracking, because otherwise Gnu/Linux (and possibly things like Wikipedia) could be called 'cancer' again. And yet they are the opposite.

    1. Re:Cracking, not hacking by MatrixCubed · · Score: 1

      RTFW

      And stop being so goddamn pedantic.

    2. Re:Cracking, not hacking by YurB · · Score: 1

      Someone has to be "goddamn pedantic".

    3. Re:Cracking, not hacking by YurB · · Score: 2

      Exactly. It has both meanings, but most people don't know that. If we used the word more carefully, we'd be educating more people that there's some difference between those hackers who have built Gnu/Linux, and those who steal money from bank accounts. The problem is that most people don't know the other meaning. Why not let them know by occasionally using the 'cr' instead of 'h'? It's only one extra byte.

    4. Re:Cracking, not hacking by MatrixCubed · · Score: 1

      You're absolutely right. Thanks for making the world a better place, one nitpick at a time.

  12. Raspberry Pi by argee · · Score: 1

    Here, for a few seconds, I thought they were donating a million dollars to the Raspberry Pi people. A noble cause in itself.

    Alas, further reading disavowed me of *that* idea.

    1. Re:Raspberry Pi by arth1 · · Score: 1

      Here, for a few seconds, I thought they were donating a million dollars to the Raspberry Pi people. A noble cause in itself.

      What would be noble about it?
      Noble isn't a synonym for "donating to a non-profit".

  13. Wouldn't that be the roundest company? by fwc · · Score: 1

    After all, a square company wouldn't know anything about circles....

  14. Msoft by empties · · Score: 1

    Meanwhile, Microsoft is offering a free copy of Windows 8 to anyone who cracks Windows 8. Accounting for pi percent of their anemic sales.

  15. Apple should do this by TheSkepticalOptimist · · Score: 1

    Apparently Google is being sued in the EU because they found a way to exploit Safari's security and put device persistent cookies in spite of privacy settings.

    Of course, Apple would go bankrupt if people actually started poking at Safari security.

    --
    I haven't thought of anything clever to put here, but then again most of you haven't either.