Monday, March 2, 2009

Pwn2Own 2009 - Browsers & Mobile Devices

Via DVLabs (TippingPoint) -

TippingPoint's Zero Day Initiative (ZDI) team is pleased to announce that we will once again be sponsoring this year’s Pwn2Own contest for the 3rd year running. The contest will be held during the CanSecWest Security Conference March 16-20th in Vancouver, BC. If you’re unfamiliar with the Pwn2Own contest, check out the rules and results from last year. This year’s contest will target two sets of technologies: web browsers and mobile devices. As usual, the ZDI will purchase all winning vulnerabilities that are submitted against these targets, hand them over to the affected vendors, and coordinate public disclosure.

The browser targets will be IE8, Firefox, and Chrome installed on a Sony Vaio running Windows 7 as well as Safari and Firefox installed on a Macbook running Mac OS X. All browsers will be fully patched and in their default configuration as of the first day of the contest. The mobile device targets will include fully patched BlackBerry, Android, iPhone, Symbian and Windows Mobile phones in their default configurations. A full list of available interfaces will be made available on the CanSecWest website under the Pwn2Own rules


The Zero Day Initiative will put up $5000 per browser bug, and $10,000 per mobile bug. The first person to crack any of the mobile devices will also get to keep that device along with a one year phone contract. The first person to crack any of the browsers will get to keep the laptop it was running on. All winners will be asked to sign and agree to the general ZDI Non Disclosure Agreement, and the bugs will be turned over directly to the affected vendors. If more than 5 people win prizes, we will offer additional “Bonus” prizes of an extra $5,000 that will be awarded this year for Most Interesting Browser flaw, Most Interesting Mobile Device Flaw, and Best in Show.

No comments:

Post a Comment