Pwn2Own Day 1: Hackers Earn $280k For Hacking Chrome, Flash, Safari

wiredmikey writes: Pwn2Own 2016 contestants hacked Apple's Safari Web Browser, Adobe Flash Player and Google Chrome, and earned more than $280,000 on the first day of the competition taking place this week alongside the CanSecWest conference in Vancouver, Canada. This is the first edition of Pwn2Own where contestants have been invited to escape a VMware virtual machine for a bonus of $75,000, though there has not been a successful exploit yet in this class by any contestant this week. It remains to be seen if contestants manage to surpass last year's total payout, when white hat hackers earned $552,000 at Pwn2Own.

Wrong subsequent links

[kav2k]

All three links lead to the same article, which seems to be a copy&paste oversight.

I believe the second link was meant to be http://www.securityweek.com/ha... and the third http://www.securityweek.com/re...

Re:Very happy...

[castionsosa]

Virtualization is one of the biggest defensive tools we have against compromise. From being able to roll back or discard/spin up a VM if it is compromised to popping snapshots of disk and memory and scanning those for running malware, or just to keep bad stuff from trying to flash firmware to a real device like a bare metal hard disk, virtualization is a must.

My concern is that it isn't just the ESXi hypervisor that keeps the bad guys out. There are four main hypervisors out there that need to be looked at: ESXi, Hyper-V, Linux KVM, and Xen, with Xen giving way to KVM. There are also containers like LXC and Docker that are important as well. I can see KVM being more of an issue over time as OpenStack goes from "cool toy" to production quality.

The good thing is that hypervisors in general have a limited attack surface, run relatively few applications, and tend to have a better focus on security than general operating systems.