Feeds

HP offers $150,000 for 'exploit unicorn' in Pwn2Own hacker competition

Big bucks also up for grabs for browser and app cracking

Using blade systems to cut costs and sharpen efficiencies

HP has been laying out the ground rules for the latest Pwn2Own contest and is offering a new prize of $150,000 to the cunning cracker who can get root access to a Windows 8.1 PC running Redmond's Enhanced Mitigation Experience Toolkit (EMET).

"Last year we launched a plug-in track to the competition, in addition to our traditional browser targets. We’ll continue both tracks this year," said Brian Gorenc, manager of vulnerability research at HP Security, in a blog post.

"For 2014, we’re introducing a complex Grand Prize challenge with multiple components, including a bypass of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) protections – truly an Exploit Unicorn worthy of myth and legend, plus $150,000 to the researcher who can tame it."

Pwn2Own is an annual event at the CanSecWest security conference in March, and HP and co-sponsors Google are putting over half a million dollars into the prize pot for those who can demonstrate their subversive skills. In return, the firms get a full dossier on the attack and ownership of the code used to do it.

Browser security is a major part of Pwn2Own and crackers can earn $100,000 for beating Internet Explorer 11 or the Chrome browser on an x64 Windows 8.1 system, $50,000 for defeating Mozilla's Firefox and/or $65,000 for tunneling into a Mac OS X system running Apple's Safari. All hacks must be completed in 30 minute window of opportunity.

The organizers are also offering $75,000 to anyone who can get into Adobe Reader or Adobe Flash running in Internet Explorer 11 on Windows 8.1, again within the time limits. Cracking Java on a similar system will net $30,000 to a nimble-fingered security specialist.

Those that meet the challenge will also get the laptop containing the software they cracked and 20,000 reward points in HP's Zero Day Initiative (ZDI) program, which takes them automatically to Silver status. That means a $5,000 extra cash bonus, a paid trip to the Black Hat security conference in Las Vegas, and a 15 per cent monetary bonus on any vulnerabilities they submit to ZDI for the next year. ®

Boost IT visibility and business value

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.