For a while, late in 2013, things didn’t look too good for the annual Vancouver-based security conference CanSecWest, or for PWN2OWN, the elite hacking sideshow at the event that has in many ways eclipsed the conference itself. It looked as though the conference and its accoutrements might implode, sucked into a total malware perspective vortex.
Hewlett-Packard’s Zero Day Initiative (ZDI) spelled out the rules for its March hacking contest, Pwn2Own, which will put two-thirds of a million dollars in prize money on the table for researchers who can hack the biggest browsers and most popular plug-ins. ZDI is HP’s bug-bounty program, run by its TippingPoint division, a maker of intrusion prevention system (IPS) and firewall appliances for corporate networks. The 2014 edition of Pwn2Own will offer $645,000 in potential awards to hackers who demonstrate exploits of previously-unknown vulnerabilities in Google’s Chrome, Mozilla’s Firefox, Microsoft’s Internet Explorer (IE) or Apple’s Safari, or the Adobe Reader, Adobe Flash, or Oracle Java browser plug-ins. Those targets were also the focus of last year’s challenge.