1. About
2. Team
3. Blog
4. DVLabs Advisories
5. DVLabs Upcoming Advisories
6. DVLabs Published Advisories
7. Appearances
8. Resources
9. Zero Day Initiative
10. RSS

Comments post a comment

1. Anonymous commented on 2011-02-03 @ 07:03

   Care to explain absence of a Liinux based system? Why is it that there already was a Linux based distro and has since then greatly increased it's popularity. Why the absence of Linux?
   I understand that there are hundreds of distros but you can simple get two or one of the most popular and hack this? Choose Ubuntu or Fedora and we are done with whining...

2. civil corner commented on 2011-02-04 @ 02:10

   i will join,
   the feedback is fantastic

3. Anonymous commented on 2011-02-04 @ 15:45

   Could you please include Opera next time or add it for this contest real quick. It'd be good to attack an engine that is rarely touched.

4. Anonymous commented on 2011-02-05 @ 18:43

   I love this.
   

5. Anonymous commented on 2011-02-05 @ 20:34

   Is it only open to conference attendees?
   Can one competitor try multiple browsers and eventually win multiple prizes?
   

6. Monny77 commented on 2011-02-09 @ 05:17

   Definitely an interesting contest and like every year the results as well as look!!!

7. GBleezy commented on 2011-02-09 @ 07:24

   Nobody really uses Opera, so it's really not that cool of a thing to be hacking I'd think. It seems this contest is geared more towards rooting out real world threats that that would effect the majority of people would be interested in, including both the h4x0rz and the Sux0rz (the people that just want their thing to work)

8. Anonymous commented on 2011-02-09 @ 19:26

   I wonder if Google will update Chrome again a day before the competition. ;)

9. Anonymous commented on 2011-02-10 @ 15:51

   Nobody cares about linux distros, they've proven they can't get their act together into one stable build. Instead they drop out 100's of non-standardized turdlets that are a nightmare to support and deal with. The best thing that could happen in the linux community is A.) Get together and work on one well refined distro or B.) Just go away, we'll use unix or windows.

10. Anonymous commented on 2011-02-10 @ 22:47

    i do think google will update Chrome. I use opera

11. Anonymous commented on 2011-02-12 @ 17:13

    ??? "nobody cares bout linux distros? maybe not on a desktop level, but they certainly do on a server level. I would certainly like to see Charlie Miller (or anyone) aim his guns at Red Hat, Suse, or something.
    
    and I think it's more popular than unix. Mind you, i don't consider OS X unix. Yeah, it's a variant, but it's not unix in the true sense of the o/s. FreeBSD is unix,Solaris is unix...and there are distros of Linux on their own that are more popular than those two combined.

12. Anonymous commented on 2011-02-12 @ 17:16

    I'm very interested to see the smartphone results. I'm curious is BB will stand up to the challenge; also, with all of the talk/support lately about bringing iPhones in, I'm curious how susceptible they are (not to mention, this recent news: http://threatpost.com/en_us/blogs/how-recover-iphone-passwords-six-minutes-021011
    
    I expect Droid and Win7 to fall within minutes. Droid has too many holes, and win7 is too new to have the security kinks worked out.

13. Anonymous commented on 2011-03-05 @ 22:34

    Is Google Chrome going to be tested on OS X? I've always wondered how that would turn out...

14. Anonymous commented on 2011-03-06 @ 13:45

    no linux AGAIN. Puuuurlease.

15. Anonymous commented on 2011-03-07 @ 14:00

    To make the contest more fair, why not make sure that whatever computer you crack can be exchanged for any of the other models available. So if one particular KIND of notebook or device is more desirable than the rest, it won't fall first just because of that.

16. crypt commented on 2011-03-10 @ 10:36

    People who think Linux and Opera are not worth to be consider are really snobbish and don't see farther their nose. I suggest them to look on the other side of the globe.

17. Ravi Kishor Shakya commented on 2011-03-10 @ 22:03

    i m xtremely interested to learn how they go abt thrashing these browsers. any stepwise account of that?

18. Thierry commented on 2011-03-11 @ 03:44

    What about the most widely used mobilephone OS "Symbian" ?

19. minneapolis handyman commented on 2011-03-11 @ 11:29

    This year Peter will be participating officially as a Pwn2Own judge.

20. Anonymous commented on 2011-03-13 @ 05:32

    Nobody showed to hack Chrome because they knew they couldn't.

21. Anonymous commented on 2011-06-18 @ 17:13

    i've used Opera for years purely for it's almost anonymity (and simplicity of use). it is constantly regarded as very safe, not only for it's build but cos as said earlier, no one targets it.
    i don't look forward to the day when it reaches critical mass.

22. Logo Design commented on 2011-06-21 @ 08:38

    Wow, Its interesting and useful for all. I like it so much .

23. diseño web commented on 2011-06-27 @ 11:13

    ??? "nobody cares bout linux distros? maybe not on a desktop level, but they certainly do on a server level. I would certainly like to see Charlie Miller (or anyone) aim his guns at Red Hat, Suse, or something.
    
    and I think it's more popular than unix. Mind you, i don't consider OS X unix. Yeah, it's a variant, but it's not unix in the true sense of the o/s. FreeBSD is unix,Solaris is unix...and there are distros of Linux on their own that are more popular than those two combined.

24. resume writing service commented on 2011-07-05 @ 15:05

    Interesting post. I liked the poit about mobiles and browser.. thanks

25. Jesus Castillo - Culturismo sinTonterias commented on 2011-07-17 @ 15:53

    To make the contest more fair, why not make sure that whatever computer you crack can be exchanged for any of the other models available.

26. Custom Logo Design commented on 2011-08-02 @ 17:48

    Article is extremely nicely written and, I’m pleased to find a lot of helpful information within the publish, thank you for discussing it here. I think you’ll will be adding more.

27. dell computers commented on 2011-08-05 @ 02:30

    You clearly know so much about the subject, you’ve covered so many bases. Great stuff from this part of the internet. Again, thank you for this blog.

28. bestdating commented on 2011-08-12 @ 10:14

    I could probably hack most of the devices out there but then would it be hacked or would I be hacked? So many of the true Hackers may not reveal themselves here.

29. Jesus Castillo | Culturismo sin Tonterias commented on 2011-08-16 @ 12:31

    Great website. People who think Linux and Opera are not worth to be consider are really snobbish and don't see farther their nose.

30. Anonymous commented on 2011-10-02 @ 21:12

    hi love this post too much and Thanks for post it.

31. Shirna commented on 2011-10-16 @ 12:04

    I will look forward to this one and hope to have more to come.

32. Frank commented on 2011-10-18 @ 20:00

    browser if it is I'll stay forever with Mozilla Firefox is the most efficient and there are a lot of plugin to help us a lot at work, Google Chrome cache loads very much!

33. Monywo commented on 2011-10-24 @ 03:26

    Link to the mobile world, only say it's the most important communication way. Why don't say A successful attack against these devices must require little to no user interaction and must compromise useful data from the phone. I like this.

34. Frank commented on 2011-10-27 @ 05:02

    I liked this very interesting and I want to continue to prepare for this thanks.

35. Anonymous commented on 2011-10-28 @ 02:40

    I really have to admit it’s quite a novelty to arrive at a relatively ‘different’ blog like this, great job. I expect I’ll be coming back fairly soon and I look forward to reading your next post when I do.

36. Samsung Galaxy Note Review commented on 2011-11-19 @ 23:50

    You should do another test with some of these later models coming out. Should be interesting. What do ya think?

37. Victoria commented on 2011-12-06 @ 13:47

    Very interesting results! The competition was pretty fierce.

38. adoia commented on 2011-12-09 @ 18:22

    Chrome very Nice:)

39. owen commented on 2011-12-17 @ 15:17

    Last year i really enjoyed the contest.It good to know that 5th annual Pwn2Own competition is back again.I hope this will be fun again.

Links To This Post

1. Hackerwettbewerb: Google zahlt 20.000 Dollar f�r Chrome-Sandbox-Exploit - Security | News | ZDNet.de
   linked on 2011-02-03 @ 04:11 Show Comment

   TippingPoint hat den Hackerwettbewerb Pwn2Own 2011 angek�ndigt, der vom 9. bis 11. M�rz im kanadischen Vancouver stattfinden wird. Zu den Sponsoren z�hlt in diesem Jahr Google. Das Unternehmen stellt ein Preisgeld von 20.000 Dollar zu Verf�gung, das derjenige erh�lt, der einen Exploit in Chrome findet und die Kontrolle �ber ein Cr-48-Chrome-Netbook �bernehmen kann.

2. Pwn2Own 2011: Google offering $20,000 for Chrome sandbox exploit | ZDNet
   linked on 2011-02-02 @ 17:06 Show Comment

   Kernel bugs and plugins other than the built-in PDF support are all out of scope for Chrome, TippingPoint ZDI said.

3. Pwn2Own 2011: Google offering $20,000 for Chrome sandbox exploit | ZDNet
   linked on 2011-02-02 @ 17:06 Show Comment

   Kernel bugs and plugins other than the built-in PDF support are all out of scope for Chrome, TippingPoint ZDI said.

4. Hack Chrome And Get A CR48 Notebook and $20000 In Prize | Chrome Story
   linked on 2011-02-03 @ 04:31 Show Comment

   Cr48 is not a target in this competition. Hackers will have to break chrome browser on windows 7 machines to win and CR48 notebook is only a part of the prize.  Here is the highlight from the blogpost. Google CR-48 running ChromeOS (no attacks against this device, it is merely a prize. The Chrome target will be running on the other laptops) As for Chrome, the contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant ...

5. Batalla de seguridad de navegadores en CanSecWest, concurso Pwn2Own | MuySeguridad
   linked on 2011-02-03 @ 04:41 Show Comment

   Para la fecha en la que se llevará a cabo, es muy probable que las versiones de los navegadores sean IE9 RC, Chrome 10, Firefox 4.0. Los portátiles que serán objetivo de los ataques será un Sony Vaio con Windows 7, Alienware m11x con Windows 7, MacBook Air con Mac OS X Snow Leopard, y Google CR-48  con Chrome OS -sólo como regalo-.

6. Google bets $20K that Chrome can't be hacked Tech Blogged | Tech Blogged
   linked on 2011-02-03 @ 06:56 Show Comment

   TippingPoint, which is again sponsoring Pwn2Own, set the contest’s rules Wednesday in a blog post written by Portnoy.

7. Nexus S to take on hackers at Pwn2Own 2011 contest | The Android Site
   linked on 2011-02-03 @ 07:10 Show Comment

   For full details go visit the DV Labs blog. Related Posts:Android Joining This Year’s Pwn2Own ContestNexus One and Nexus S getting OTA updates now, fixes SMS bugAndroid ported to the Chrome OS CR-48 notebook

8. Google paga US$ 20 mil a quem conseguir hackear o Chrome
   linked on 2011-02-03 @ 07:26 Show Comment

   A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.

9. Pwn2Own 2011: Extra prize for Chrome hack
   linked on 2011-02-03 @ 07:31 Show Comment

   ... managed to inject and execute code via a vulnerability. The most recent similar hole in Chrome was closed in mid-January � the developer who discovered it received $3133.7 for his find. Organised by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, the Pwn2Own 2011 contest offers a further $105,000 for security holes found in Internet Explorer, Safari and Firefox, as well as in Windows Phone 7, iOS, Blackberry 6 and Android, that allow malicious code to be injected and executed. Holes in Symbian have been dropped from the program this year. For the first time, contestants have also been invited to attack potential firmware holes in wireless modules. Often called "baseband", this hardware includes such components as GSM and UMTS transmitters and receivers, as well as modulators and demodulators, and is implemented via a special processor. The attacks are to reveal holes in the relevant firmware, for instance in the GSM stack. At the recent Black Hat conference, Ralf-Philipp Weinmann already demonstrated how to use specially crafted GSM packets to inject code into the baseband processor and execute it there � independently of the smartphone operating system in use on the device. ...

10. Google Puts $20,000 Bounty On Chrome In Hacking Contest « SaaS Newswire
    linked on 2011-02-03 @ 07:37 Show Comment

    At the Pwn2Own contest next month, Google  will offer $20,000 to the first security researcher who can gain full control of a laptop running its Chrome Browser, a task that requires defeating the software’s sandbox protections, measures designed to isolate an attack within the browser and prevent it from accessing the ...

11. Google paga US$ 20 mil a quem conseguir hackear o Chrome | Variedades
    linked on 2011-02-03 @ 07:40 Show Comment

    A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.

12. Google Offers $20,000 and a Laptop for a Chrome Hack | TheNewAdmin
    linked on 2011-02-03 @ 10:27 Show Comment

    Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.

13. Google Offers $20K To Anyone Who Can Hack Google Chrome - Techland - TIME.com
    linked on 2011-02-03 @ 11:08 Show Comment

    The hacks will have to be made to Chrome Web browser's running on the latest 64-bit release of either Windows 7 or Mac OS X. Contest rules state that the hack must “must include a sandbox escape,” which means whatever the hack weakens may be combined with another security flaw that must be written in Google code to cause the whole system to crumble. (Chrome supposedly has built-in sandbox protection. According to PC World, ...

14. Think you can hack Chrome? Google has $20K with your name on it! | ZDNet
    linked on 2011-02-03 @ 08:14 Show Comment

    Here are the details: As mentioned previously, we’ve upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000 USD. While HP TippingPoint is funding $105,000 of that, we’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser. Kudos to the Google security team for taking the initiative to approach us on this; we’re always in favor of rewarding security researchers for the work they too-often do for free.

15. Win $20K if You can Hack Chrome! | Pwnday 2011 | Webscopia
    linked on 2011-02-03 @ 10:21 Show Comment

    Portnoy announced the rules of this years Pwnday in a blog post. The main aim behind this day is to help manufacturers find vulnerabilities in their software and programming. Hacking Chrome is more difficult than it sounds. Chrome’s sandbox quality makes it a more arduous process than usual. Sandbox is an anti exploit defense that makes it nearly impossible ...

16. Google offers $20,000 for successful Cr-48 Chrome OS hack at Pwn2Own 2011 | Daily World Events
    linked on 2011-02-03 @ 09:07 Show Comment

    Google isn’t just bringing the Chrome Browser to Pwn2Own 2011 — this time, it’s also bringing its own hardware. The Cr-48 Chrome OS laptop will be on hand for the browser exploiting hullabaloo, and Google is offering $20,000 for a successful exploit. According to the event’s organizer, the attacker will also need to escape Chrome’s sandbox. At last year’s event, prominent researcher Charlie Miller said that’s no easy task, so we’re very curious to see whether someone will succeed this time around.

17. Google Tempts Hackers With $20,000 Prize| Rodney Payne
    linked on 2011-02-03 @ 10:31 Show Comment

    Aaron Portnoy, Manager of the Security Research Team at TippingPoint Technologies (which is behind the event), explained in an official blog post, "[W]e’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser."

18. Information Technology Leader - Google Serves Up $20,000 Chrome Exploit Challenge
    linked on 2011-02-03 @ 10:16 Show Comment

    In the grand scheme of things, relatively few people ever claim $20,000 for a day’s worth of work. You can be one of them, provided you put your hacker hat on and attend the Pwn2Own contest next month. Google’s challenge is this: Be the first to “pop [the Cr-48's Chrome] browser and escape the sandbox using vulnerabilities purely present in Google-written code” and the bounty, as well as the laptop, are both yours to keep, TippingPoint said in a blog post.

19. Компания Google намерена выплатить 20 тыс. долларов за взлом браузера Chrome | AllUNIX.ru – Всероссийский портал о UNIX-системах
    linked on 2011-02-03 @ 10:21 Show Comment

    В преддверии мартовской конференции Pwn2Own, на которой состоится традиционное соревнование по взлому популярных web-браузеров, компания Google учредила специальный приз в размере 20 тыс. долларов, который будет вручен любому участнику, продемонстрировавшему способ эксплуатации системы через взлом web-браузера Chrome. Общий призовой фонд конкурса в этом году составит 125 тыс. долларов.

20. Notícia: Google paga US$ 20 mil a quem conseguir hackear o Chrome | Notícias
    linked on 2011-02-03 @ 09:16 Show Comment

    A Tipping Point, que mais uma vez patrocina o concurso, divulgou as regras da competição na quarta-feira (2/2), em seu blog.

21. Google Puts $20,000 Bounty On Chrome In Hacking Contest - Andy Greenberg - The Firewall - Forbes
    linked on 2011-02-03 @ 09:20 Show Comment

    At the Pwn2Own contest next month, Google  will offer $20,000 to the first security researcher who can gain full control of a laptop running its Chrome Browser, a task that requires defeating the software’s sandbox protections, measures designed to isolate an attack within the browser and prevent it from accessing the ...

22. Google Ups The Ante At Pwn2Own 2011 Offers $20k For Chrome Hack | Geek News
    linked on 2011-02-03 @ 10:26 Show Comment

    ... Hack Google reportedly raised the stakes for this years Pwn2Own hacking contest, offering up an additional $20,000 for anyone that successfully hacks into Google Chrome. Organized by the Zero Day Initiative (ZDI) team at security researchers TippingPoint, the 5th annual Pwn2Own 2011 contest pits security teams against some of your favors operating systems equipped with the webs best browsers as well as some of our favorite smartphones. This year the contest will offer up to $125,000 in prizes ($105k plus Google's bonus) for the teams that find and exploit security holes in Internet Explorer, Safari and Firefox, as well as in Windows Phone 7, iOS, Blackberry 6 and Android. To walk off with Google's $20,000 the researchers must ...

23. Google Gambles $20k that Chrome Can’t be Cracked « facedone
    linked on 2011-02-03 @ 09:51 Show Comment

    According to posted details about the Pwn2Own contest, a successful attack against Chrome will be measured over a few days. “On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.”

24. Computer Troopers » Google Offers $20,000 and a Laptop for a Chrome Hack
    linked on 2011-02-03 @ 10:42 Show Comment

    Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.

25. Google gambles $20000 that Chrome can’t be hacked | MyGeist
    linked on 2011-02-03 @ 10:34 Show Comment

    This is the first time any browser maker has added prize money and the first time Google has participated, according to TippingPoint, which is sponsoring the event. A total of $125,000 in prizes will be given to those who successfully hack varying browsers and mobile devices. Cracking Internet Explorer, Safari, or Firefox will net successful hackers $15,000.  Prizes for cracking Windows Phone 7, iPhone 4, BlackBerry 6 OS, or Android will also win exploiters $15,000 plus a device running the operating system.

26. Planet Android » Blog Archive » Nexus S to take on hackers at Pwn2Own 2011 contest
    linked on 2011-02-03 @ 10:46 Show Comment

    For full details go visit the DV Labs blog.

27. Google looft prijs uit voor Pwn2Own-hack Chrome » Clippy.be
    linked on 2011-02-03 @ 11:32 Show Comment

    Googles actie is onderdeel van de browsercompetitie. Bij de browsers zijn dit jaar ook Internet Explorer, Safari en Firefox onder de slachtoffers. Iedere browser wordt geïnstalleerd op een 64bit-versie van OS X of Windows 7. Een succesvolle hack levert een deelnemer in ieder geval 15.000 dollar op, de laptop waarop hij zijn poging deed en 20.000 ZDI-punten. Deze punten horen bij het Zero Day Initiative, een onderdeel van TippingPoint. Iedere deelnemer krijgt dertig minuten toegewezen.

28. Google offers $20,000 prize to hack Chrome at security conference | MyCE – My Consumer Electronics
    linked on 2011-02-03 @ 12:03 Show Comment

    Aaron Portnoy, who manages TippingPoint Technologies’ Security Research Team and helped develop the Pwn2Own contest, blogged about the upcoming contest and explained the special rules for exploiting Chrome:

29. Link - Estadao.com.br
    linked on 2011-02-03 @ 12:04 Show Comment

    O Pwn2Own acontece anualmente no Canadá e tem patrocínio da Tipping Point — que é quem define as regras da competição, já anunciadas.

30. Hazte hacker de Google y gana 20000 dolares | La Idea Feliz
    linked on 2011-02-03 @ 12:51 Show Comment

    Por primera vez, el concurso canadienses de hackers Pwn2Own tiene una empresa privada que ofrece una recompensa por el éxito de un experimento. Google ha prometido 20.000 dólares a quien consiga atacar con éxito el navegador Chrome.

31. Google Offers $20,000 and a Laptop for a Chrome Hack « cybersaviours
    linked on 2011-02-03 @ 13:32 Show Comment

    Organized by the Zero Day Initiative (ZDI) team at HP TippingPoint, the contest offers further prizes totaling $105,000 for successful hacks on Microsoft Internet Explorer, Apple Safari and Mozilla Firefox, as well as these mobile phones: Dell Venue Pro running Windows 7, iPhone 4 running iOS, Blackberry Torch 9800 running Blackberry 6 OS and Nexus S running Android.

32. Google offers $20,000 for Chrome hack
    linked on 2011-02-03 @ 14:05 Show Comment

    ... the fifth annual Pwn2Own hacking contest, which takes place from March 9-11. The contest is a part of the CanSecWest security conference held in Vancouver, British Colombia.This is the first time any browser maker has added prize money and the first time Google has participated, according to TippingPoint, which is sponsoring the event. Google’s contribution came after the company learned that its Chrome browser wouldn’t be included in the competition due to its similarity to Apple’s Safari browser (both run on Webkit, an open source browser engine). Last year, Chrome performed best among all the browsers in the competition, reports The Register.In addition to Google’s contribution, $105,000 in prizes will be given by Pwn2Own to those who successfully hack varying browsers and mobile devices. Cracking Internet Explorer, Safari, or Firefox will net successful hackers $15,000. Prizes for hacking Windows Phone 7, iPhone 4, BlackBerry 6 OS, or Android will also win exploiters $15,000 plus a device running the operating system.“Similarly to last year the competition will focus on two main technologies: web browsers and mobile devices,” writes Aaron Portnoy, manager of the security research team at TippingPoint.  ”Staying true to the original intent of the Pwn2Own contest we intend to empirically demonstrate the current security posture of the most prevalent products in use today.”Google appears fairly confident in its Chrome browser. It will be interesting to see how it fares against the competition this year. This is also the first year Windows Phone 7 will be competing. Is Microsoft’s fledgling OS ready for the competition?Update: Made some updates to the headline and body to clarify points of the story and added an additional source. Related PostsGoogle Chrome browser nears 10 percent s…Love it or leave it alone? First impress…The Best Web Browsers Reviewed: Internet…Google vs. Bing experiment: Half of sear…/*');/*]]*/ /*');/*]]*/ Computing Tags: Aaron Portnoy • android • BlackBerry OS 6.0 • CanSecWest • competition • Google • Google Chrome • hackers • hacking contest • Internet Explorer • iOS • Mozilla Firefox • prizes •