Google Raises the Ante at CanSecWest With $2.7M In Pwnium Prize Money 24
Trailrunner7 writes with this excerpt: "Building on the success of the last couple of years, Google plans to offer more than $2.7 million in potential rewards in the next iteration of its Pwnium hacking competition at this year's CanSecWest conference in Vancouver. The company has run the contest in parallel with the older Pwn2Own competition at the conference, with somewhat different rules, and this year plans to allow researchers to go after Chrome OS running on both ARM- and Intel-based Chromebooks. Pwnium began as Google's answer to Pwn2Own, the well-known hacking contest that has attracted some of the top researchers in the industry over the course of the last few years, including Dino Dai Zovi, Charlie Miller, Chaouki Bekrar and the Vupen team and many others. ... But the money that Google is putting up for new compromises of Chrome OS is far beyond what's available at Pwn2Own or any of the other major contests and has attracted a small, but elite, group of contestants in past years. The company is promising rewards of as much as $150,000 plus some bonuses, paid at Google's discretion, for especially innovative or serious exploits."
Re:Rewards (Score:5, Insightful)
"Google plans to offer more than $2.7 million in potential rewards"...
Yeah and you can get guaranteed rewards selling them on the free/underground market.
Yeah, but a lot of people also like not having to keep looking over their shoulder and would be happy with much less, if both the hack they accomplish and the money they receive is all legal and above-board.
You can't exactly put your little IRC 0-day transaction on a normal job resume, either. Well, strike that, you *can*...however, you'll more than likely become "long-term employed" by a correctional facility. I don't think you'll be working in the IT Dept, however. Just a guess.
Strat
Re: (Score:2)
The total 2.7 million split into pocket change to the hundreds that will find some exploit
$150K is pocket change to you? From the contest rules:
7. REWARDS: Rewards for eligible Exploits will be allocated to eligible entrants on a first-come-first-served basis, based on time of submission during the Program Period specified above, until such time as the total reward pool of $2.71828 million USD is exhausted:
An entrant submitting an Exploit demonstrating a Chrome OS system-level compromise delivered via a web page and triggerable when browsing in Guest mode and affecting all subsequent Guest mode sessions across reboots (“persistent Guest-to-Guest exploit”) using bugs in Chrome OS, as determined in the sole discretion of the Judges, will receive a reward of $150,000 USD (one hundred and fifty thousand U.S. dollars).
An entrant submitting an Exploit demonstrating a Chrome browser-level compromise delivered via a web page using bugs in Chrome OS as determined in the sole discretion of the Judges, will receive a reward of $110,000 USD (one hundred and ten thousand U.S. dollars).
Google reserves the right to issue partial rewards, in its sole discretion, for partial, incomplete or unreliable Exploits. Google may also consider issuing significant bonuses for any Entrant who demonstrates a particularly impressive or surprising exploit.
So system-level compromises with $150K. Browser-level compromises win $110K. On top of that, particularly impressive or surprising exploits may get additional money.
Maybe that's pocket change to you, but I doubt it is to the average security researcher, regardless of the color of his hat.
Re: (Score:1)
Yeah who in IT would hire Mitnick?
At their discretion (Score:2, Funny)
You'll need a Google+ account for that...
$2.71828 million (Score:1)