HP offers $150,000 for 'exploit unicorn' in Pwn2Own hacker competition

HP has been laying out the ground rules for the latest Pwn2Own contest and is offering a new prize of $150,000 to the cunning cracker who can get root access to a Windows 8.1 PC running Redmond's Enhanced Mitigation Experience Toolkit (EMET). "Last year we launched a plug-in track to the competition, in addition to our …

COMMENTS

This topic is closed for new posts.
  1. jake Silver badge

    Whatever.

    Professionals don't play with toys at work.

    1. Destroy All Monsters Silver badge

      Re: Whatever.

      What.

      1. Anonymous Coward
        Mushroom

        Re: Whatever.

        Ignore Jake, most people do, comes across as a 60 year old grey beard with the attitude of a 13 year old.

    2. Crazy_Ivan

      Re: Whatever.

      Professionals do play with such toys at work, Jake, that's how we learnt to be so exceptional at what we do. If your work doesn't include fun and games you're in the wrong job!

    3. WraithCadmus
      FAIL

      Re: Whatever.

      Not true, one can often find a Rubber Duck useful for debugging.

      http://en.wikipedia.org/wiki/Rubber_duck_debugging

    4. DB2DBA

      Re: Whatever.

      IBM needs to get into this game too.

      The talk below is on TN3270 exploits.

      http://bit.ly/1aJ08dn

  2. Anonymous Coward

    HP - come on spill the beans

    I can't see why HP would pay for Microsoft exploits.

    So it looks like Microsoft have so little faith that they prefer to do it through a 3rd party!

  3. Anonymous Coward

    EMET - a utility that helps prevent vulnerabilities in software from being successfully exploited.

    Maybe it is something that cripples the PC to be usable,

    otherwise it would be standard.

    Methinks it is a crutch.

    1. jason 7

      Re: EMET - a utility that helps prevent vulnerabilities in software blah blah

      No, it does work and works very well. Unfortunately a lot of companies and domestics are using old software and old code that isn't approved for use with modern memory security standards and other standard techniques that EMET employs. Most of what EMET enforces should have been standard coding practice for the past 10 years or so.

      If MS installed it as standard set to maximum there would be mass carnage and complaints as corporations found that Office 2003 and other such vintage software or even their own badly written in-house application would no longer work. Sure you can tweak EMET to allow them to work but it would be too much for Joe Average.

      I wish they would install it as standard but the IT press would slaughter them. Damned if you do....

      I've been using it on a lot of my machines for about a year now.

      1. ecofeco Silver badge

        Re: EMET - a utility that helps prevent vulnerabilities in software blah blah

        "...there would be mass carnage and complaints as corporations found that Office 2003 and other such vintage software or even their own badly written in-house application would no longer work."

        I live it every day. The sheer magnitude of kludge out there is breathtaking.

    2. Sandtitz Silver badge
      Facepalm

      Re: EMET

      "Maybe it is something that cripples the PC to be usable, otherwise it would be standard"

      So it's akin to SELinux?

  4. Anonymous Coward

    I'm surprised that more vendors aren't involved

    After all, $150k is less than HP, Dell, Acer or Lenovo would spend on a 30 second TV ad.

    1. jason 7

      Re: I'm surprised that more vendors aren't involved

      Or more than AMD would spend in a year!

  5. pompurin

    I was surprised it was so high for Java. I was seriously expecting to read this:

    Cracking Java on a similar system will net $3 to a nimble-fingered security specialist.

    1. DerekCurrie

      Oracle Cheapskates; Java's Worst In Class Security

      Damn pompurin! I was going to throw a shot at Oracle for being so cheap in their Java exploit award, but you totally outdid me. And of course, as we all know, it's specifically Java that's the single most dangerous software we can run on our computers.

      Hey Oracle: How about offering a $Million for whoever can permanently return Java to actual sandboxing forever. But you don't care, do you.

      1. jason 7

        Re: Oracle Cheapskates; Java's Worst In Class Security

        The amazing thing about Java is that 90% of the machines it's installed on and compromising don't actually need it installed in the first place.

        If someone wrote a 'virus' that just simply uninstalled Java without the user noticing, it would be the biggest step forward in computer security to date.

        1. Fatman
          Linux

          Re: it would be the biggest step forward in computer security to date.

          The next step forward would be to write a virus that replaces WindblowZE installs with Linux.

          </snark>

    2. Mikel

      Java contestants

      Entry is limited to kids 12 & under.

  6. Binnacle

    HP must be joking. Who in their right mind would reveal an exploit that bypasses EMET and Win8 for a lousy 150k? Should pull $500k from the NSA or GCHQ via the grey market. Possibly much more. Perfectly legal cash and enough to, after taxes, buy a decent house, provide an adequate retirement or purchase a new Ferrari to crash shortly thereafter.

  7. TeraTelnet
    Coat

    Surely the successful hacker known as Pinkie Pie must be a shoo-in for this equine prize?

    Mine's the one with the rainbow-coloured hood, thanks.
