Google Offering $20K for Chrome Pwn2Own Hack

[JMcEntegart]

It’s that time of year again!

Google Offering $20K for Chrome Pwn2Own Hack : Read more

 

[joytech22]

It would suck if somebody managed to get into the netbook in under 5 minutes especially for Google.

I wonder how long (or if they can) it will take to hack it 😱

 

[Judguh]

There's no if. 'Will' sounds more like it.

 

[joelmartinez]

This is just gonna make the Google sad, they are gonna get pwn'd easy

 

[Blessedman]

It is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.

 

[palladin9479]

Well its the different mindsets involved. Paid for systems designers and engineers / programmers tend to think inside-the-box. Even their "outside the box" ideas are just using a bigger box then previously available. Its the side effects of an organized structured mind. World class hackers tend to have very unorganized unstructured minds, even though they can be very methodical their methods and tactics are usually creative and unorthodox. They try things no one else would think to do in ways no one would think were possible.

 

[amnotanoobie]

[citation][nom]Blessedman[/nom]It is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.[/citation]

They don't hack it in 10 minutes. They research prior to Pwn2Own, some take days, some months to find just one bug in the huge number of libraries and runtimes.

Today's software are more complex, a lot more functionality is expected thus more things could go wrong.

 

[FloKid]

Wow, 20 years to learn how to crack and all you get is 30k??? That must be a typo :- )

 

[zerapio]

[citation][nom]Blessedman[/nom]It is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.[/citation]
Charlie Miller has a PhD in Mathematics. I'm going to go way out on a limb and say that counts as a degree.

 

[beruli]

If I were Google, I would offer $20,000 to hack my system, could you imagine what it costs them to find security flaws and holes in the system. There going to have hackers all over the world trying to hack their system for a wad of cash and then Google will turn around and fix them for a mere $20,000, money well spent if you ask me.

 

[iamtheking123]

So the going rate is $20k per single bug...yeah that's a good system *eye roll* Anyways why bother saying Charlie did a hack in 10 seconds? It's not like he actually sat down and discovered the exploit in 10 seconds, it just too him 10 seconds to hit play.

 

[PreferLinux]

I wonder how they would get on with an almost fully locked-down and fully patched machine running Linux with the latest version of Firefox???

 

[dkant1n]

20k is pocket change for Google and the publicity that they have a "secure" OS is priceless

 

[molo9000]

[citation][nom]joytech22[/nom]It would suck if somebody managed to get into the netbook in under 5 minutes especially for Google.I wonder how long (or if they can) it will take to hack it[/citation]

The amount of time it takes is pretty irrelevant.
The contestants don't come to these events unprepared. They know what the systems are going to be and have their exploits prepared.
They either crack it or don't.

 

[zak_mckraken]

I'm sure there's no "if" about Chrome getting hacked. The question "how long will it take?" is also irrelevant, since had it's been pointed out, the contestants come prepared. If it's not done in less than 2-3 minutes, it probably won't be done at all.

 

[jryan388]

But, honestly, how much do vulnerabilities matter, if there are enough ignorant people that click here to "run a free virus scan"?

 

[alidan]

[citation][nom]iamtheking123[/nom]So the going rate is $20k per single bug...yeah that's a good system *eye roll* Anyways why bother saying Charlie did a hack in 10 seconds? It's not like he actually sat down and discovered the exploit in 10 seconds, it just too him 10 seconds to hit play.[/citation]

because if the process isn't macroed (i don't think it is), than it all has to be typed in. and 10 seconds for that is VERY impressive.

and do they just pay the fastest, or to they also pay for every one?

 

[TheOnion]

All security is an illusion. Why do we put deadbolts on our doors when there is a glass window 3 feet away? If someone wants to get in, they will.

 

[pale paladin]

this is awesome for Dev and pushes the limits and boundaries of what the big boys think is possible. It is a positive event for SecDevs and Hacks alike. I hope this year will be awesome just like last year.

 

[aaron88_7]

[citation][nom]TheOnion[/nom]All security is an illusion. Why do we put deadbolts on our doors when there is a glass window 3 feet away? If someone wants to get in, they will.[/citation]
Breaking a window causes noise and draws attention, walking through an unlocked door makes no noise and draws virtually no attention. Saying security is an illusion only shows you clearly don't work in IT or understand the importance of security. Corporations spend millions on security for a good reason, even if you don't understand that reason.

 

[dgingeri]

[citation][nom]Blessedman[/nom]It is funny that you can go out and hire the best programmers in the world. Hire a ton more engineers and have them all collaborate on a secure system and it will take someone with no degrees or certs 10 minutes to take complete control of a supposed secured network device. Having said that, I am going to go way way out on a limb and say that Google will not give away any money this round.[/citation]

That's the main problem. put more people onto a project, and loopholes, errors, and malfunctions will appear more often. Complexity is the enemy. The advantage with Google's Chome OS is that it is remarkably simple. I think it will be very difficult to defeat it. It will get hacked eventually, but it will probably be the last OS to get hacked.

Also note that all of the hacks used last year were javascript hacks. If you block that at the browser, it gets much harder to hack. That's where noscript and flashblocker come in handy.

 

[ozzman24]

[citation][nom]iamtheking123[/nom]So the going rate is $20k per single bug...yeah that's a good system *eye roll* Anyways why bother saying Charlie did a hack in 10 seconds? It's not like he actually sat down and discovered the exploit in 10 seconds, it just too him 10 seconds to hit play.[/citation]
Indeed

 

[maestintaolius]

Gotta admit I prefer this approach to dealing with hackers than the Sony method.

 

[bsbsbsbs]

Because if scientists found everything quickly they wouldn't have jobs and be paid a ridiculous amount of money. 😛

 

[eddieroolz]

Another year, another easy Apple hack. Let's see how long Safari will last this year.