HP To Battle Google Staff In Hacking Contest

Hewlett-Packard and its Zero Day Initiative (ZDI) effort have sponsored the Pwn2Own contest at the CanSecWest conference for years now.

At the Pwn2Own event, independent security researchers square off against each other hacking Web browsers for prize money. Never before has HP’s own researchers participated in the actual hacking contest, but that is now set to change.

Hacking Contest

HP is announcing today the Pwn4Fun event at Pwn2Own, where HP ZDI staff will compete against Google staff to see who can hack browsers with new previously undisclosed exploits.

In the regular Pwn2Own event, researchers are awarded prize money for successful exploitation of Microsoft’s Internet Explorer 11, Mozilla’s Firefox, Apple’s Safari and Google’s Chrome Web browsers. This year’s Pwn2Own event will include a special $150,000 (£90,000) prize for a researcher who is able to successfully exploit IE 11 running on a 64-bit Windows 8.1 operating system, with the Enhanced Mitigation Experience Toolkit (EMET) running.

For the Pwn4Fun event, instead of giving HP and Google researchers prize money, HP is donating money to charity. For an IE or Chrome exploit, HP will donate $50,000 (£29,997); for a Flash exploit, $37,500 (£22,507) will be donated. The Canadian Red Cross will be the recipient.

Brian Gorenc, manager of Vulnerability Research at HP’s Security Research division, told eWEEK that his team will be limiting itself to vulnerabilities discovered internally by members of the ZDI team.

“Vulnerabilities submitted through our external research community are out of scope for our entries,” Gorenc said. “ZDI is using any means necessary to find the flaws that can be used in the competition, with a goal of donating as much money to charity as possible.”

Charity Win

Gorenc said the charity attempts by ZDI and Google will be the first to go at Pwn2Own when the event starts on 12 March.

“Our goal is to ensure every contestant has equal opportunity to win,” he said.

As to why HP is now starting the Pwn4Fun event, Gorenc has a simple answer: “Why not?”

“Pwn2Own highlights some of the best exploit developers in the world,” Gorenc said. “This new session within Pwn2Own provides employees in both HP and Google with the ability to participate, show off their skills and donate a bunch of money to charity.”

He added, “It is a win-win for everyone.”

Are you a security pro? Try our quiz!

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

21 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

22 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

23 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago