Chrome hacked at Pwnium, "Pinkie Pie" does it again

For the second time this year, hacker "Pinkie Pie" gave Google a run for its money -- and won. The clever hacker exploited yet another vulnerability in Chrome during the second Pwnium conference this year, netting himself (or perhaps herself) a cool $60,000 cash award. 

Pwn2Own, a contest which pits hackers against a variety of systems and software, served as the inspiration for Google's Pwnium contest. Google was once a huge Pwn2Own sponsor, but rule changes and a divergence of interests led to the company to offer its own event instead, birthing their very own challenge: Pwnium.

Google uses Pwnium exclusively to discover new Chrome vulnerabilities and very promptly releases patches once the exploits are revealed. In fact, Google patched Pinkie Pie's vector of attack just 10 hours after it was unearthed.

Earlier this year, Pinkie Pie and fellow cohort Sergey Glazunov received a $60,000 prize for finding a way to escape Chrome's much-touted sandbox feature. A "sandbox" serves as a barrier against would-be hackers, preventing nefarious individuals from making changes beyond the confines of the software itself. 

"Pinkie Pie" is a pseudonym, of course, and yes -- its origin can be traced to the wildly popular children's show My Little Pony. The hacker's real name remains a public mystery, purportedly due to a potential conflict with his employer.

Google offers three types of awards: $60,000 for each "full exploit", $40,000 per "partial exploit" and $20,000 as "Consolation award" -- the consolation prize is for hacks not specific to Chrome. This year's total prize pool was $2,000,000.


Source : techspot[dot]com

Post a Comment

It's free
item