HP TippingPoint's Pwn2Own Hacking Competition Prizes Total $125,000
HP TippingPoint said that its fifth annual Pwn2Own hacking competition, scheduled for March 9 - 11 in Vancouver, B.C. during the CanSecWest digital securityconference, now sports a total prize pool of $125,000, courtesy of a $25,000 infusion from Google Inc.
HP TippingPoint is funding 105,000 of the prize money while Google has ponied up $20,000 to anyone who can compromise its Chrome browser.
Other web browsers for hackers to attempt to conquer include Apple Computer Inc.'s Safari, Microsoft Corp.'s Internet Explorer, and Mozilla's Firefox running on 64-bit systems running under Windows 7 or Mac OS X Snow Leopard.
Similar to last year's event, the competition will include not only web browsers but also mobile devices. The idea is to show the current security profile of mainstream products in use today. Each entrant will have 30 minutes to complete their hacking attempt, not including set up time for network or devices.
The laptops used will be a Sony Vaio running Windows 7, an Alienware m11x running Windows 7, and an Apple MacBook Air 13-inch running Mac OS X Snow Leopard.
Should someone hack into Chrome--which will require escaping the sandbox using vulnerabilities only in Google-written code, he or she will win $20,000 plus a Google-48 Chrome OS netbook. Competitors won't be staging attacks against the CR-48, it will only be offered up as a winning prize.
A successful compromise of Firefox, IE or Safari brings a $15,000 cash prize plus the hacked laptop. Additional cash prizes for competitors can total $5,000 plus extra benefits to the Firefox, IE and Safari competitors. If no one successfully compromises Google, $10,000 will be awarded for escaping the sandbox in non-Google code and $10,000 for uncovering a Chrome bug, not including plug-ins.
Target mobile phones include Dell Inc.'s Venue Pro running Windows 7, Apple's iPhone 4 running iOS, Research In Motion's Blackberry Torch 9800 running Blackberry 6 OS, and the Nexus S running Android.
Successful attacks against the mobile devices must take little or no user interaction and have to compromise useful data from the phone. Attacks such as silently calling long distance numbers and eavesdropping on calls are acceptable.
Winners take home a $15,000 cash prize plus the device, and a one-time $5,000 bonus.