Browser exploits.

JMH

TippingPoint offers hackers $100,000 for browser and phone exploits.

Security company 3Com TippingPoint has jacked up to $100,000 the prize money on offer to anyone able to hack a range of browsers and mobile devices at the forthcoming CanSecWest security conference.

Running for the fourth year at the event, $40,000 of the Pwn2Own contest pot will be on offer to entrants that successfully exploit security vulnerabilities to compromise the top four browsers, Internet Explorer, Mozilla Firefox, Google Chrome, and Safari, equivalent to $10,000 per browser.

To win the money outright, the attacks on IE, Firefox, and Chrome must work while running on a fully-patched Windows 7, while Safari will be attacked running on OS X Snow Leopard. Brownie points will be gained if the same flaw works on Vista and XP, although the assumption would be that this would be highly likely anyway.

To make the contest tougher, attackers can't use third-party plug-ins such as Adobe Flash on day one of the event. These are often a soft underbelly, so excluding them raises the bar.
Source: TippingPoint offers hackers $100,000 for browser and phone exploits | Security Central - InfoWorld
 

I'm not sure if I applaud this effort or not. While it is a Good Thing to find flaws in the various browsers, I'm concerned by the part in the article that says:

...the contest is really a clever way of marketing TippingPoint's controversial Zero-Day Initiative (ZDI) scheme, under which researchers are paid to find exploits which are then added to the intrusion detection engines from which the company makes much of its living.

At the time of its launch in 2005, the ZDI was criticised by rival vendors and some independent voices as tantamount to encouraging people to sell exploits uncovered to the highest bidder, in this case, 3Com's TippingPoint division. TippingPoint points out that all exploits discovered through the Pwn2Own contest will be disclosed to the vendors concerned as well as being added to its own database.

What is the delay in telling vendors of the flaws? How fair is this to them?

<sigh> I guess we'll just have to live with it.
 
