back to article Google offers $20,000 prize in annual hack-off

The annual Pwn2Own hacking contest has been so merciless at thrashing the security of popular computing products that most vendors groan when they learn their wares will be entered. Not Google. When the search company recently learned that its Chrome browser wasn't going to be included in this year's competition, which is …

COMMENTS

This topic is closed for new posts.
  1. Matt West
    Coffee/keyboard

    "like a condom"?

    Yes, I see it now. A faraday cage is just like a condom. Now I understand.

    1. Daniel 1

      Yeah, if you want to get important work done, it's the place to be...

      I often retreat to my big latex room with gossamer-thin walls, in order to concentrate. I'm not sure if its the total inability to block out sound that does it, for me, or the banana-flavoured liquid that periodically drips from the ceiling.

      I think this simile deserves to go up on the Great Wall of Bad Computer similes - somewhere in between 'Any Car Analogy' and the BBC's infamous "CPU is like the brain of a computer".

    2. Anonymous Coward
      Happy

      Well yes...

      ...in that it stop unwanted stuff leaking out in the wrong place.

    3. Sorry that handle is already taken. Silver badge
      Coat

      Robosexuality

      I always wear a faraday cage when I'm rooting a new host.

  2. Anonymous Coward
    Alert

    The isolation booth is like a condom

    And henceforth shall be named so.

  3. MarkOne
    Stop

    Opera is excluded

    Because all the hackers in Pwn2Own use Opera and have already tried it.

    1. Anonymous Coward
      Troll

      No Opera...

      ... because they only want browsers people actually use.

      (Seriously though, as a former OS/2 user I know how you guys feel.)

    2. SilverWave
      Happy

      Because of the eula, allegedly.

      Come on have you read that thing!

    3. SilverWave
      Happy

      user numbers? les the 1% so they dont count?

      just saying

    4. thecakeis(not)alie

      Opera is excluded...

      ...because both users are participating the competition.

  4. NoneSuch Silver badge
    Thumb Up

    Brilliant

    This is a brilliant way to validate a products security. When there is actual money on the line (plus the more onerous and embarrassing press coverage if flaws are found) corporate programmers are motivated to do a good job before release.

    White hat hackers now have a forum to grow in talent/experience and make a few bucks to boot.

    When flaws are found the companies are there to understand the issues instantly and they can be fixed quickly and economically as well. Thumb up lads. Keep it up.

  5. SilverWave
    Happy

    say what?

    >This year's contest rules will be roughly the same, except that a phone running the Symbian operating system has been replaced with one running Windows Phone 7. Prizes for browser hacks have also been increased to $15,000.

    2nd price is 2 of the Windows Phone 7.

  6. Mark 65 Silver badge

    Bounties

    "Since then, Google has also paid more than $14,000 in bounties to researchers who uncovered security bugs in the browser."

    Imagine the cost if Microsoft did that.

  7. Anonymous Coward
    Anonymous Coward

    It's not about the security

    This is a marketeering excercise. Every bounty is good publicity, and as marketeering budgets go, this is pocket change. Especially for ad giant google, who sit on a lot of cash but are limited in how much they can use their own ad delivery systems to promote themselves; it might easily backfire and cost them sales and credibility elsewhere.

    Besides, the original was a marketing excercise too, for tipping point. The reason chrome was first excluded ("it's webkit based") is reasonable sounding bunk as the sandbox feature ought to've made it extra interesting if it _was_ about the security. But it wasn't.

    Why this cannot be about security is equally simple: As a concept for securing applications, finding holes and plugging them before somebody else finds them and abuses them is, if you look at the probabilities, a losing game. We know that, the IT security showbiz knows that, but nobody is going to stop because the money's too good and it gives more tangible "results" than just writing proper code in the first place. (Banks and "due dilligence", anyone?) Even if at the end of the day that fresh patch means very little indeed in the greater scheme of securing the application.

    So this is a bit of a ballsy move for google to hijack tipping point's show like that, but all the more effective for all that. I wouldn't be surprised if another fat envelope was passed backstage to sweeten the deal some more. What this'll mean for firefox --recall where mozilla gets the bulk of its income from-- in the long term remains to be seen.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021