Win cash for hacking at Vancouver security conference

There’s money in computer exploits – both from those who create them and those who want to plug them.

In the latter camp Hewlett-Packard is offering US$150,000 at the CanSecWest 2014 conference in Vancouver next month.

It’s part of HP’s annual Pwn2Own contest, with the Grand Prize a multi-component test that includes finding a way to bypass Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) protections on a PC with 64-bit Windows 8.1 running Internet Explorer 11.

It’s dubbed the Exploit Unicorn.

There are a few conditions to win the 150K: The initial vulnerability utilized in the attack must be in the browser. Then the browser’s memory sandbox must be bypassed using a vulnerability in the sandbox. A separate privilege escalation vulnerability must be used to obtain SYSTEM-level arbitrary code execution on the target. The exploit must work when Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) protections are enabled.

And it has to be done within 30 minutes.

Why EMET? In a blog post, Angela Gunn of HP writes that Microsoft is now encouraging the general public to use it, especially when a new attack is in progress.

“With EMET carrying that kind of burden of protection, researchers are getting more interested in testing its limits, and our Grand Prize reflects that. We may not have any successful contestants, but security researchers thrive on insanely difficult challenges; we’re excited to provide one.”

For those not brave enough to take that challenge, there are two other categories: Browsers (break one of the latest versions of Chrome, Internet Explorer 11, Firefox or Safari) and Plug-ins (defeat security on Adobe Reader, Adobe Flash or Oracle Java).

The vulnerability or vulnerabilities used in each attack must be unknown and not previously reported to the vendor. A particular vulnerability can only be used once across all categories.

Cash prizes are awarded for each. In total, nearly $750,000 in cash and prizes is available.

See here for detailed rules 

CanSecWest runs March 12-14 at the Sheraton Wall Centre hotel.

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com