Slashdot Mirror


Google Raises the Ante at CanSecWest With $2.7M In Pwnium Prize Money

Trailrunner7 writes with this excerpt: "Building on the success of the last couple of years, Google plans to offer more than $2.7 million in potential rewards in the next iteration of its Pwnium hacking competition at this year's CanSecWest conference in Vancouver. The company has run the contest in parallel with the older Pwn2Own competition at the conference, with somewhat different rules, and this year plans to allow researchers to go after Chrome OS running on both ARM- and Intel-based Chromebooks. Pwnium began as Google's answer to Pwn2Own, the well-known hacking contest that has attracted some of the top researchers in the industry over the course of the last few years, including Dino Dai Zovi, Charlie Miller, Chaouki Bekrar and the Vupen team and many others. ... But the money that Google is putting up for new compromises of Chrome OS is far beyond what's available at Pwn2Own or any of the other major contests and has attracted a small, but elite, group of contestants in past years. The company is promising rewards of as much as $150,000 plus some bonuses, paid at Google's discretion, for especially innovative or serious exploits."

24 comments

  1. Rewards by Anonymous Coward · · Score: 0

    "Google plans to offer more than $2.7 million in potential rewards"...

    Yeah and you can get guaranteed rewards selling them on the free/underground market.

    1. Re:Rewards by BlueStrat · · Score: 4, Insightful

      "Google plans to offer more than $2.7 million in potential rewards"...

      Yeah and you can get guaranteed rewards selling them on the free/underground market.

      Yeah, but a lot of people also like not having to keep looking over their shoulder and would be happy with much less, if both the hack they accomplish and the money they receive are all legal and above-board.

      You can't exactly put your little IRC 0-day transaction on a normal job resume, either. Well, strike that, you *can*...however, you'll more than likely become "long-term employed" by a correctional facility. I don't think you'll be working in the IT Dept, however. Just a guess.

      Strat

      --
      Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
    2. Re:Rewards by Anonymous Coward · · Score: 0

      If you disclose it and get rewarded, without going public or underground how is that a felony? You have to the same person that brings this up every time these "hacks" [as you call them, where I call them security vulnerabilities} when there not being exploited in the wilderness for gain!

      It is either a research security company or a really good programmer that knows how to exploit certain systems, you make it sound as if these these people are black hat hackers, if that was the case they can make far more money from selling there hack in the underground rather then getting pocket money out of a 2.7 million dollar bounty.

      And my next point, would be if a billion dollar company that receives a few million in fines just about every year from the EU can blow it off because to them it really is like taking a 10 dollar bill out of your wallet, I wouldn't even bother to participate. On top of Gaagle abusing anything open source for there own greed they deserve to hacked apart.

      The total 2.7 million split into pocket change to the hundreds that will find some exploit.. [just want that to sink in] Out of billions they make....
         

    3. Re:Rewards by Anonymous Coward · · Score: 0

      Did you ever learn about run on sentences and do you ever proofread?

    4. Re:Rewards by aliquis · · Score: 1

      Yeah who in IT would hire Mitnick?

    5. Re:Rewards by Anonymous Coward · · Score: 0

      Before or after media made him a celebrity? Also, before or after he overturned terms of his release banning access to any device more complex than a phone?

      PS: Also note that he was "employed" by correctional facilities for quite some time. Was that 5 years or 7?

    6. Re:Rewards by swillden · · Score: 1

      The total 2.7 million split into pocket change to the hundreds that will find some exploit

      $150K is pocket change to you? From the contest rules:

      7. REWARDS: Rewards for eligible Exploits will be allocated to eligible entrants on a first-come-first-served basis, based on time of submission during the Program Period specified above, until such time as the total reward pool of $2.71828 million USD is exhausted:

      An entrant submitting an Exploit demonstrating a Chrome OS system-level compromise delivered via a web page and triggerable when browsing in Guest mode and affecting all subsequent Guest mode sessions across reboots (“persistent Guest-to-Guest exploit”) using bugs in Chrome OS, as determined in the sole discretion of the Judges, will receive a reward of $150,000 USD (one hundred and fifty thousand U.S. dollars).

      An entrant submitting an Exploit demonstrating a Chrome browser-level compromise delivered via a web page using bugs in Chrome OS as determined in the sole discretion of the Judges, will receive a reward of $110,000 USD (one hundred and ten thousand U.S. dollars).

      Google reserves the right to issue partial rewards, in its sole discretion, for partial, incomplete or unreliable Exploits. Google may also consider issuing significant bonuses for any Entrant who demonstrates a particularly impressive or surprising exploit.

      So system-level compromises win $150K. Browser-level compromises win $110K. On top of that, particularly impressive or surprising exploits may get additional money.

      Maybe that's pocket change to you, but I doubt it is to the average security researcher, regardless of the color of his hat.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  2. At their discretion by Anonymous Coward · · Score: 2, Funny

    You'll need a Google+ account for that...

  3. $2.71828 million by Tom239 · · Score: 1

    From Google, "more than 2.7" means, well, you know what.

  4. Google Hates America by Anonymous Coward · · Score: 0

    Either that or there's some kind of advantage/avoidance loophole by being on the other side of the border.

  5. Re:First!!!! by Anonymous Coward · · Score: 0

    Ahhhhh!

    Anybody can do it as an AC.

  6. That's a lot of money... by Anonymous Coward · · Score: 0

    ...for an OS nobody really cares about. I can't for the life of me understand why I would want to use something that's less useful than my phone.

    1. Re:That's a lot of money... by Anonymous Coward · · Score: 0

      Because it's not a shitfest. malware and ransomware and viruses like Windows?

  8. Insane hater trolls be insane by Anonymous Coward · · Score: 0

    Are you even reading what you're replying to?

    That's exactly what GP says - sure, you can go black hat and sell them underground, right until you get caught, or you can publish them legally at Pwnium or somesuch and get a nice item to add to your CV when you're looking for employment at "a research security company" as a really good programmer. Having fun stabbing strawmen there?

    And your next point, without discussing appropriate pay for vulnerability disclosure, what do Google profits have to do with size of rewards? If you get a pay raise, does your utility company raise your power bill because you're making more money now?

    PS: I'm going to ignore your "abusing open-source" line. I think I've seen you trotting this out before, but you never could coherently explain the nature of that "abuse" anyways.

    PPS: I like it how you just fuse there/their/they're into "there". Most illiterates at least feel they should use different spellings for different meanings while writing a single post

    PPPS: >"hacks" [as you call them, where I call them security vulnerabilities}
    > selling there hack in the underground
    It seems you be calling them "hacks" too when you're not trying to come across as smarter-than-you.

  9. Who Was The First to Suggest This to Begin With by Anonymous Coward · · Score: 0

    Just wondering who was the first to ever suggest bug-bounty rewards and hacking school? Do the search and do the math. :p

    R.G.J.

  10. THERE?!?! by Anonymous Coward · · Score: 0

    THERE!!

    There here! And there abducting literate children here, there and everywhere and making them illiterate! I see where there heading with this. There evil and I see what you did there.

  11. Pro hackers by Anonymous Coward · · Score: 0

    Why are professional hackers called researchers?

  12. How does one pronounce "Pwnium"? by Anonymous Coward · · Score: 0

    Ponium, ownium, pyoonium?

  13. I pronounce it by Anonymous Coward · · Score: 0

    the corporate sellout of everything sacred

  14. It's a shibboleth by Anonymous Coward · · Score: 0

    Church of Google shuns you

  15. Nice by Anonymous Coward · · Score: 0

    Good discussion!