Just when you thought you had done all you could to lock out nasty browser attackers ... think again
http://www.theregister.co.uk/2014/03/14/researchers_reap_over_one_meeelion_dollars_at_cansecwest_hacking_competitions/he Pwn2Own and Pwnium hacking contests at the annual CanSecWest conference in Vancouver have earned security researchers over a million dollars in prizes, exposed 34 serious zero-day flaws in popular code, and earned over $82,000 for the Canadian Red Cross.
In each of the Pwn2Own and Pwnium competitions, contestants are challenged to exploit vulnerabilities in supposedly secure software to execute malicious code – and walk away with cash if their attacks are successfully demonstrated on stage. The techniques used to own a program are privately disclosed so that the bugs can hopefully be fixed.
HP TippingPoint's Pwn2Own competition netted researchers $850,000 as all the major browsers – Chrome, Safari, Internet Explorer and Firefox – fell to attacks within the 30-minute timeframe for each, along with Flash. Only Java held up to the time-limited attacks, although researchers attempting to crack Oracle's code did come up with some interesting techniques that just took too long.
Lets all be glad such competitions mean that these exploit methods are taken care of and fresh code written to close them down, but as we all know its a constant battle being waged out there, lets just hope the hole patchers are faster than those irresponsible developers who design server side exploits and sell them to anyone for a fast buck.
