Pwn2Own

Two researchers on Thursday took down the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, as Pwn2Own, the annual hacking contest that runs in tandem at CanSecWest, wound down in Vancouver.

The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt and earned the single highest payout for an exploit in the competition’s history, a staggering $110,000 in just two minutes.

HP held its annual Mobile Pwn2Own competition in Tokyo, Japan from 11-12 November. The purpose of this event was for security researchers, developers and hackers to exploit various phones through some previously unknown bug and then report it to the respective handset maker so the vulnerability could be patched and fixed.

While developers are getting better about hardening their software, the 35 vulnerabilities revealed at the Pwn2Own tournament this week show that security remains a work in progress.

It’s become a familiar walk for Chaouki Bekrar. Year after year at the Pwn2Own contest, the controversial Vupen founder is scurried from a small room in the basement of the Sheraton hotel to a suite several floors above. It’s a short journey from where a string of zero-day exploits are executed to where formal disclosure is made to the vendor in question. It’s also where payment is arranged, and on this day, exclusivity is promised to HP’s Zero Day Initiative.

The annual Pwn2Own browser-hacking competition has risen to mythical status over the years, with tall tales of security researchers exploiting within minutes browser technologies thought to be secure. For their efforts, researchers have been awarded cash and prizes by the event's sponsor, Hewlett-Packard's Zero Day Initiative (ZDI).

HP has now released the rules for the upcoming 2014 event and is adding a new category never seen before in a security competition: the Exploit Unicorn.

Patch Tuesday approaches quickly. That time of the month when Microsoft deems it appropriate to fix the myriad security flaws that rear their ugly heads during the preceding time frame. As is custom,the company gives advance notice of what to expect, but no details regarding actual flaws -- a nod to not allowing (more) hackers taking advantage of the issues discovered.

Microsoft today said it will ship nine security updates next week, two rated "critical," to patch Internet Explorer (IE), Windows, SharePoint Server, Office Web Apps and the company's anti-malware software in Windows 8 and RT.

One security expert put his money on the IE update as the most important of the pending, in part because he expects Microsoft to fix the flaws revealed a month ago at the Pwn2Own hacking contest.

Adobe today patched Flash Player, the fifth time this year it's updated the vulnerability-plagued software.

Unlike two of the three updates last month, however, today's was part of Adobe's regularly-scheduled patch cadence.

The results from the annual Pwn2Own hacking contest are in, and the score is as follows: hackers one, software zero.

Research teams Wednesday cracked Microsoft's Internet Explorer 10 (IE10), Google's Chrome and Mozilla's Firefox at the Pwn2Own hacking contest, pulling in more than $250,000 in prizes.

Earlier in the day, a solo hacker exploited Oracle's Java to win $20,000.