Pwn2Own, the world's best-known hacking tournament, is now in its ninth year. It is famous for its large prizes, is hosted by ZDI, and is supported by technology companies such as Google, Microsoft, Apple and Adobe. The host, ZDI, belongs to the HP TippingPoint project team, a network security service provider to the Pentagon.
The regular events involve obtaining and controlling user-level and system-level privileges; the hardware, the operating systems and their versions, the target software and its versions, and the other security measures in place are all determined by the organizers.
In general, contestants need to compromise the following targets (this year's prize for each in parentheses):
Windows Environment:
Chrome browser (USD 75,000)
Internet Explorer browser (USD 65,000)
Mozilla Firefox browser (USD 30,000)
Adobe Reader running in Internet Explorer (USD 60,000)
Adobe Flash running in Internet Explorer (USD 60,000)
Mac OS X Environment:
Safari browser (USD 50,000)
In addition, a contestant who has compromised the target program to obtain user privileges and then goes on to gain system privileges earns an additional bonus of 25,000 dollars.
This year the organizers' standard target environment uses the 64-bit version of all software except Mozilla Firefox on Windows, with EPM (the IE sandbox mechanism) protection and the EMET software enabled on Windows. In the contest these have almost always been conditions for additional bonuses, so in a sense this year's total prize money has fallen compared with last year's, and the French team Vupen, after four consecutive years, withdrew from the tournament.
Vupen is known as an "arms dealer" because it uses its strong ability to discover and exploit vulnerabilities to sell the related information for profit. To the industry, then, its withdrawal this time looks to be about prize money being reduced while the difficulty has increased, rather than about the conditions being restrictive.
However, Vupen's exit has not seriously affected this Pwn2Own's "spectator appeal" or its top-tier level, because the field also includes the domestic Keen team and 360 security research team, as well as a South Korean team making its debut in the tournament. Two Vupen members are also taking part in the competition under their own names.
The Keen team, which breached iOS 7.0.3 at Pwn2Own Mobile 2013 in Tokyo, became the first world champion from the Chinese security community, and Vupen congratulated the Keen team through its official microblog. They have won a total of three titles in two years. As for the South Korean team, there is no public information on its members' identities or actual skill level, but the domestic security community is still paying it considerable attention and speculates that it may be a so-called "national team."
According to the registration information, the two domestic teams, 360 and Keen, have entered categories that do not overlap: the 360 team will attack IE11, while the Keen team has chosen Adobe Reader and Flash on the Windows platform. The Keen team's main focus was previously the mobile area, while 360, although its product direction gives it a better understanding of the PC environment, is entering for the first time.
As mentioned above, the biggest unknown among the contestants is the "Korea team". Information security has a high status in South Korea: results in hacking competitions can count toward the college entrance examination, and employees of information security companies can be exempted from military service. Because some contestants in the last contest called for help during the event, there is speculation that the South Korean contestant Junghoon Lee is backed by a number of security experts, that is, that a strong contender is being built with "the power of the nation". But it cannot be ruled out that the contestant's own ability is simply superb.
Competition conditions have become harsher, prizes have shrunk, and the exit of the industry's top "arms dealer" has made some feel that Pwn2Own is now less a symbol of security technology and more like "e-sports". More interestingly, the upcoming confrontation between the Chinese and South Korean teams has deepened the "e-sports" flavor.
After the many security incidents at large companies in 2014 and the exposure of vulnerabilities in a variety of key products, and with more and more offline information and assets now being digitized, digital security has become as serious a matter as public security. Countries are building up reserves of talent and technical capability in this field as their Internet and digital technology develop, and the competition is only a commercialized miniature of that process.
Jokes aside, calling it "e-sports" is after all only a comparison: this year's Pwn2Own still represents the very top level of the international security industry. Respect to every team, and we wish them well.