Skip to main content

Pwn2Own

All Major Browsers Fall at Pwn2Own - $110,000 paid out in 2 minutes

Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.

The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt and earned the single highest payout for an exploit in the competition’s history, a staggering $110,000 in just two minutes.

l33tdawg Sat, 03/21/2015 - 06:44 Security CanSecWest Pwn2Own

Security researchers exploit various devices in Pwn2Own event

posted onNovember 13, 2014
by l33tdawg

HP held its annual Mobile Pwn2Own competition in Tokyo, Japan from 11-12 November. The purpose of this event was for security researchers, developers and hackers to exploit various phones through some previously unknown bug and then report it to the respective handset maker so the vulnerability could be patched and fixed.

Vupen Cashes in Four Times at Pwn2Own

posted onMarch 14, 2014
by l33tdawg

It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits are executed to where formal disclosure is made to the vendor in question. It’s also where payment is arranged, and on this day, exclusivity is promised to HP’s Zero Day Initiative.

Pwn2Own Hacking Contest Adds Exploit Category: Unicorns

posted onFebruary 3, 2014
by l33tdawg

The annual Pwn2Own browser-hacking competition has risen to mythical status over the years, with tall tales of security researchers exploiting within minutes browser technologies thought to be secure. For their efforts, researchers have been awarded cash and prizes by the event's sponsor, Hewlett-Packard's Zero Day Initiative (ZDI).

HP has now released the rules for the upcoming 2014 event and is adding a new category never seen before in a security competition: the Exploit Unicorn.

Better late than never -- Microsoft to fix Pwn2Own flaw

posted onMay 10, 2013
by l33tdawg

Patch Tuesday approaches quickly. That time of the month when Microsoft deems it appropriate to fix the myriad security flaws that rear their ugly heads during the preceding time frame. As is custom,the company gives advance notice of what to expect, but no details regarding actual flaws -- a nod to not allowing (more) hackers taking advantage of the issues discovered.

Microsoft to patch IE10 Pwn2Own bugs next week, says security expert

posted onApril 5, 2013
by l33tdawg

Microsoft today said it will ship nine security updates next week, two rated "critical," to patch Internet Explorer (IE), Windows, SharePoint Server, Office Web Apps and the company's anti-malware software in Windows 8 and RT.

One security expert put his money on the IE update as the most important of the pending, in part because he expects Microsoft to fix the flaws revealed a month ago at the Pwn2Own hacking contest.