http://www.wired.com/threatlevel/2012/11/bug-bounties/ By Kim Zetter Threat Level Wired.com 11.08.12 The night before the end of Google’s Pwnium contest at the CanSecWest security conference this year in Vancouver, a tall teen dressed in khaki shorts, tube socks and sneakers was hunkered down on a hallway bench at the Sheraton hotel hacking away at his laptop. With a $60,000 cash prize on the line, the teen, who goes by the hacker handle “Pinkie Pie,” was working hard to get his exploit for the Chrome browser stabilized before the close of the competition. The only other contestant, a Russian university student named Sergey Glazunov, had already made off with one $60,000 prize for a zero-day exploit that attacked 10 different bugs. Finally, with just hours to go before the end of the three-day competition, Pinkie Pie achieved his goal and dropped his exploit, a beauty of a hack that ripped through six zero-day vulnerabilities in Chrome and slipped out of the browser’s security sandbox. Google called both hacks “works of art,” and within 24 hours of receiving each submission, had patched all of the bugs that they exploited. Within days, the company had also added new defensive measures to Chrome to ward off future similar attacks. [...] ______________________________________________ Visit the InfoSec News Security Bookstore Best Selling Security Books and More! http://www.shopinfosecnews.orgReceived on Fri Nov 09 2012 - 01:23:08 PST
This archive was generated by hypermail 2.2.0 : Fri Nov 09 2012 - 01:36:48 PST