Google Raises the Ante at CanSecWest With $2.7M In Pwnium Prize Money

timothy posted about 9 months ago | from the advertising's-where-the-money-is dept.


Trailrunner7 writes with this excerpt: "Building on the success of the last couple of years, Google plans to offer more than $2.7 million in potential rewards in the next iteration of its Pwnium hacking competition at this year's CanSecWest conference in Vancouver. The company has run the contest in parallel with the older Pwn2Own competition at the conference, with somewhat different rules, and this year plans to allow researchers to go after Chrome OS running on both ARM- and Intel-based Chromebooks. Pwnium began as Google's answer to Pwn2Own, the well-known hacking contest that has attracted some of the top researchers in the industry over the course of the last few years, including Dino Dai Zovi, Charlie Miller, Chaouki Bekrar and the Vupen team and many others. ... But the money that Google is putting up for new compromises of Chrome OS is far beyond what's available at Pwn2Own or any of the other major contests and has attracted a small, but elite, group of contestants in past years. The company is promising rewards of as much as $150,000 plus some bonuses, paid at Google's discretion, for especially innovative or serious exploits."


First!!!! (-1)

Anonymous Coward | about 9 months ago | (#46064941)

Ahhhhh!

Re:First!!!! (-1)

Anonymous Coward | about 9 months ago | (#46064969)

I'd like to participate too. Is it like a coding thing? What if I buy a vulnerability off the internet for like $1,000, then flip that bitch to get $150k! That would be like HO SNAP-SIZZLE!!!

Re:First!!!! (0)

Anonymous Coward | about 9 months ago | (#46065247)

Ahhhhh!

Anybody can do it as an AC.

Rewards (0)

Anonymous Coward | about 9 months ago | (#46065067)

"Google plans to offer more than $2.7 million in potential rewards"...

Yeah and you can get guaranteed rewards selling them on the free/underground market.

Re:Rewards (4, Insightful)

BlueStrat (756137) | about 9 months ago | (#46065307)

> "Google plans to offer more than $2.7 million in potential rewards"...
>
> Yeah and you can get guaranteed rewards selling them on the free/underground market.

Yeah, but a lot of people also like not having to keep looking over their shoulder and would be happy with much less, if both the hack they accomplish and the money they receive is all legal and above-board.

You can't exactly put your little IRC 0-day transaction on a normal job resume, either. Well, strike that, you *can*...however, you'll more than likely become "long-term employed" by a correctional facility. I don't think you'll be working in the IT Dept, however. Just a guess.

Strat

Re:Rewards (0)

Anonymous Coward | about 9 months ago | (#46065361)

If you disclose it and get rewarded, without going public or underground how is that a felony? You have to the same person that brings this up every time these "hacks" [as you call them, where I call them security vulnerabilities} when there not being exploited in the wilderness for gain!

It is either a research security company or a really good programmer that knows how to exploit certain systems, you make it sound as if these these people are black hat hackers, if that was the case they can make far more money from selling there hack in the underground rather then getting pocket money out of a 2.7 million dollar bounty.

And my next point, would be if a billion dollar company that receives a few million in fines just about every year from the EU can blow it off because to them it really is like taking a 10 dollar bill out of your wallet, I wouldn't even bother to participate. On top of Gaagle abusing anything open source for there own greed they deserve to hacked apart.

The total 2.7 million split into pocket change to the hundreds that will find some exploit.. [just want that to sink in] Out of billions they make....
   

Insane hater trolls be insane (0)

Anonymous Coward | about 9 months ago | (#46065443)

Are you even reading what you're replying to?

That's exactly what GP says - sure, you can go black hat and sell them underground, right until you get caught, or you can publish them legally at Pwnium or somesuch and get a nice item to add to your CV when you're looking for employment at "a research security company" as a really good programmer. Having fun stabbing strawmen there?

And your next point, without discussing appropriate pay for vulnerability disclosure, what do Google profits have to do with size of rewards? If you get a pay raise, does your utility company raise your power bill because you're making more money now?

PS: I'm going to ignore your "abusing open-source" line. I think I've seen you trotting this out before, but you never could coherently explain the nature of that "abuse" anyways.

PPS: I like it how you just fuse there/their/they're into "there". Most illiterates at least feel they should use different spellings for different meanings while writing a single post

PPPS: >"hacks" [as you call them, where I call them security vulnerabilities}
> selling there hack in the underground
It seems you be calling them "hacks" too when you're not trying to come across as smarter-than-you.

Re:Rewards (0)

Anonymous Coward | about 9 months ago | (#46065483)

Did you ever learn about run on sentences and do you ever proofread?

THERE?!?! (0)

Anonymous Coward | about 8 months ago | (#46065807)

THERE!!

There here! And there abducting literate children here, there and everywhere and making them illiterate! I see where there heading with this. There evil and I see what you did there.

Re:Rewards (1)

swillden (191260) | about 8 months ago | (#46066349)

> The total 2.7 million split into pocket change to the hundreds that will find some exploit

$150K is pocket change to you? From the contest rules:

7. REWARDS: Rewards for eligible Exploits will be allocated to eligible entrants on a first-come-first-served basis, based on time of submission during the Program Period specified above, until such time as the total reward pool of $2.71828 million USD is exhausted:

An entrant submitting an Exploit demonstrating a Chrome OS system-level compromise delivered via a web page and triggerable when browsing in Guest mode and affecting all subsequent Guest mode sessions across reboots (“persistent Guest-to-Guest exploit”) using bugs in Chrome OS, as determined in the sole discretion of the Judges, will receive a reward of $150,000 USD (one hundred and fifty thousand U.S. dollars).

An entrant submitting an Exploit demonstrating a Chrome browser-level compromise delivered via a web page using bugs in Chrome OS as determined in the sole discretion of the Judges, will receive a reward of $110,000 USD (one hundred and ten thousand U.S. dollars).

Google reserves the right to issue partial rewards, in its sole discretion, for partial, incomplete or unreliable Exploits. Google may also consider issuing significant bonuses for any Entrant who demonstrates a particularly impressive or surprising exploit.

So system-level compromises win $150K. Browser-level compromises win $110K. On top of that, particularly impressive or surprising exploits may get additional money.

Maybe that's pocket change to you, but I doubt it is to the average security researcher, regardless of the color of his hat.

Re:Rewards (1)

aliquis (678370) | about 8 months ago | (#46065611)

Yeah who in IT would hire Mitnick?

Re:Rewards (0)

Anonymous Coward | about 8 months ago | (#46065659)

Before or after media made him a celebrity? Also, before or after he overturned terms of his release banning access to any device more complex than a phone?

PS: Also note that he was "employed" by correctional facilities for quite some time. Was that 5 years or 7?

At their discretion (2, Funny)

Anonymous Coward | about 9 months ago | (#46065097)

You'll need a Google+ account for that...

$2.71828 million (1)

Tom239 (705010) | about 9 months ago | (#46065237)

From Google, "more than 2.7" means, well, you know what.

Google Hates America (0)

Anonymous Coward | about 9 months ago | (#46065243)

Either that or there's some kind of advantage/avoidance loophole by being on the other side of the border.

That's a lot of money... (0)

Anonymous Coward | about 9 months ago | (#46065281)

...for an OS nobody really cares about. I can't for the life of me understand why I would want to use something that's less useful than my phone.

Re:That's a lot of money... (0)

Anonymous Coward | about 8 months ago | (#46066607)

Because it's not a shitfest. malware and ransomware and viruses like Windows?

Bring the lost smile to the lips of your loved one (0)

Anonymous Coward | about 9 months ago | (#46065441)

Sometimes a simple gift can create lots of magic that cannot be conveyed through the words. The people of whole world can now send their warm wishes and intimate love anytime anywhere in a day by just a single click of a computer mouse. Send Cakes and Chocolates Online Worldwide through online services and make people happy. A lot of online store are always ready to help their customers with faithful services and products. Show your love and affection with this splendid presents.

Who Was The First to Suggest This to Begin With (0)

Anonymous Coward | about 9 months ago | (#46065503)

Just wondering who was the first to ever suggest bug-bounty rewards and hacking school? Do the search and do the math. :p

R.G.J.

Pro hackers (0)

Anonymous Coward | about 8 months ago | (#46066699)

Why are professional hackers called researchers?

How does one pronounce "Pwnium"? (0)

Anonymous Coward | about 8 months ago | (#46067043)

Ponium, ownium, pyoonium?

It's a shibboleth (0)

Anonymous Coward | about 9 months ago | (#46071131)

Church of Google shuns you

I pronounce it (0)

Anonymous Coward | about 8 months ago | (#46069217)

the corporate sellout of everything sacred

Nice (0)

Anonymous Coward | about 9 months ago | (#46079051)

Good discussion!
