Pwn2Own ready to hand out $560K to hacking contest winners this year

The annual Pwn2Own hacking contest has set the record this year as far as cash prizes go, putting $560,000 on the line to shell out to only the craftiest hackers around.

HP TippingPoint, the organizer of the yearly event held at CanSecWest in Vancouver, announced this week that they would be revamping the challenge as well as the awards, which amount to more than five times the sum dished out last year.

The competition is pretty straight forward. Pwn one of the Big Four browsers on a fully patched laptop, and then you get to own the laptop. And some cash.

For those not familiar with the term, the Urban Dictionary’s most “liked” entry, submitted by user Tactical Ghost, defines it as this:

PWN (verb)

1. An act of dominating an opponent.

2. Great, ingenious; applied to methods and objects.

Originally dates back to the days of WarCraft, when a map designer mispelled “Own” as “Pwn”. What was originally supose to be “player has been owned.” was “player has been pwned”.

Pwn eventually grew from there and is now used throughout the online world, especially in online games.

1. “I pwn these guys on battlenet”

2. “This strategy pwns!” or “This game pwn.”

Any competitor who can find vulnerabilities, or pwn, Chrome, Firefox, Internet Explorer or Safari, or Adobe Reader, Flash, or Oracle Java plug-ins can win up to a $100,000 chunk of the prize money for their work in the Pwn2Own competition.

First to hack Chrome on Windows 7 or IE10 on Windows 8 will win $100,000. After that, payments are still hefty, with the second highest at $75,000 for IE9 and the lowest at $20,000 for Java.

The competition states:

A successful attack … must require little or no user interaction and must demonstrate code execution.

The targets will be running on the latest, fully patched version of Windows 7, 8, and OS X Mountain Lion. All targets will be installed in their default configurations. The vulnerabilities utilised in the attack must be unknown and not previously reported to the vendor. If a sandbox is present, a full sandbox escape is required to win.

Pwn2Own will run March 6-8 at the CanSecWest security conference in Vancouver, British Columbia.

With Google coming in as a co-sponsor, the event has more media attention, and money behind it, than ever before. Brian Gorenc, a TippingPoint researcher, told Computer World that Google was set to be a co-sponsor last year. Apparently the tech giant pulled out over discrepancies over the year’s rules, which involved a confusing point system that mixed up the process.

This year the contest has had a complete overhaul: competitors draw order prior to the start of the contest, each has a 30-minute crack at it, and the first to reach an exploit wins the dough. Plain and simple.

Another, and perhaps more important change, is that now, contest winners are required to provide TippingPoint with the complete exploit and all of the details of the attack. This way, the contest serves a stronger purpose and vendors can actually fix the flaws.

Official 2013 Pwn2Own rules are posted on the TippingPoint website, and those who are interested in following the occasion can take to the competition’s Twitter.

Ensuring data is protected (hackers don’t just do this in legal contests, you know) should be any business’s top priority. If you are looking to fill a senior-level security position, contact Tiro Security and ask to find out more about our Executive Search options.

Posted in