What is the difference between this year's Pwn2Own and previous years?

Source: Internet
Author: User
Keywords Security vulnerabilities hackers
Tags adobe adobe reader browser closer difference exit game google

These two days, about top hacker team Vupen Exit Pwn2Own 2015 News in the circle of the uproar. Whether it is Vupen founder himself, or hacker insiders, this explanation is Pwn2Own 2015 difficult, bonuses unexpectedly also reduced. It's too unscientific.

Pwn2Own 2015 of the rules of the game have made what adjustments, so that Vupen and other well-known hacker team are budding? Let's have a closer look.
What is Pwn2Own?
Pwn2Own, one of the world's most famous hackers, has been attracting the attention of the world's top hackers since its inception in 2007. Pwn2Own's background is also very deep, the host is the Pentagon intrusion protection system supplier TippingPoint, including Microsoft, Google, Apple and other internet giants are both the target of hacker challenges, but also equivalent to the support unit of the game, Google will also be adding extra bonuses to hackers who have breached its Chrome browser.

What is the difference between this year's Pwn2Own?
with the 2014-year Pwn2Own competition, for example, hackers can only break the default configuration of IE to win the prize, if you can break open Emet, enhanced sandbox protection, enable the 64-bit process, such as the highest level of protection of IE browser, you can get 150,000 dollar "unicorn" (Unicorn) Award. The so-called "unicorn" is a mythical beast that is legendary, but no one has ever seen. Pwn2Own to the "unicorn" as the name of the award, describing the difficulty of the competition to reach the level of no one can touch. Indeed, no hacker team captured the unicorn in 2014 on Pwn2Own. However, the 2015 Pwn2Own competition is far more difficult than 2014 years of "unicorn"!
It's no wonder that as the biggest winner in the history of Pwn2Own, Vupen, the first top hacker team to publicly break Chrome, has to give up. Vupen team boss Chaouki Bekrar in Twitter slot: "Cut the bonus, but increase the difficulty (64-bit, EMET, enhanced sandbox protection, prohibit cancellation/restart, etc.), or wait 2016 years." "
Challenge target: Hurdles
2015 Pwn2Own will be held in Canada in March 18 and 19th, and specific arrangements and platforms will be scheduled for release two days before the game." Bonuses for this competition are expected to exceed 500,000 dollars in cash and non-cash rewards.
Pwn2Own Hackers challenge a total of six, respectively: Chrome, IE, Safari, Firefox, Adobe Flash and Adobe Reader. Other than Safari, which runs on Apple's OS Yosemite operating system, is installed on a 64-bit Windows8.1 system. The player chooses the target in random order, the first team to attack the target wins.
bonuses for different attacks are as follows:
Google chrome:7.5 million $
Microsoft IE 11:65,000 USD
Adobe Reader (run in IE11 Environment): 60,000 USD
Adobe Flash (running in IE11 environment): USD 60,000
Mac OS x safari:5 million USD
Mozilla firefox:3 million dollar
Competition difficulty: passes
According to the rules of the game announced recently, to Pwn2Own 2015 to break IE browser, need to face the following five major difficulties--
1, Microsoft Vulnerability Defense Software Emet the latest version of the target software protection.
2, IE openEnhanced sandbox protection (EPM, enhanced Protected Mode) that is not open by default.
3, IE has turned on the "Enable 64-bit process for enhanced protection mode" option.
4, new security mechanisms such as adding quarantine heap, delayed release, CFG, etc.
5, disable reboot, logoff system.
After reading these rules and difficulties, it is not difficult to understand why Pwn2Own 2015 is called the most difficult in history. But if the hacker team can break through the obstacles, will undoubtedly gain great glory, I believe there are still many top experts to fight for it. What the result is, can only wait for the contest scene to reveal the answer.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.