Hewlett-Packard’s TippingPoint announced the prize fund for Pwn2Own 2013 back on the 17th of January. And this time around the amount on offer exceeds half a million US dollars based on the following categories:
Google Chrome on Windows 7 ($100,000)
Microsoft Internet Explorer, either
IE 10 on Windows 8 ($100,000), or
IE 9 on Windows 7 ($75,000)
Mozilla Firefox on Windows 7 ($60,000)
Apple Safari on OS X Mountain Lion ($65,000)
Web Browser Plug-ins using Internet Explorer 9 on Windows 7
Adobe Reader XI ($70,000)
Adobe Flash ($70,000)
Oracle Java ($20,000)
Most notable from the above list of prize amounts is the relatively small amount of $20,000 for hacking Java which may well have much to do with recent news events.
Obviously the large prize sums are likely to attract many entrants but there is a sticking point this year – the winning exploits will become the property of HP and therefore cannot be sold on as zero-day vulnerabilities as was possible with past competitions:
Upon successful demonstration of the exploit, the contestant will provide HP ZDI a fully functioning exploit and all the details of the vulnerability used in the attack. In the case that multiple vulnerabilities were exploited to gain code execution, details about all the vulnerabilities (memory corruption, infoleaks, escalations, etc.) leveraged and the sequence in which they are used must be provided to receive the prize money.
As always, vulnerabilities and exploit techniques revealed by contest winners will be disclosed to the affected vendors and the proof of concept will become the property of HP…
Will the prizes on offer and the terms and conditions entice you to enter Pwn2Own 2013?
photo: 401(K) 2013