Hewlett-Packard and its Zero Day Initiative (ZDI) effort have sponsored the Pwn2Own contest at the CanSecWest conference for years now.
At the Pwn2Own event, independent security researchers square off against each other hacking Web browsers for prize money. Never before has HP’s own researchers participated in the actual hacking contest, but that is now set to change.
HP is announcing today the Pwn4Fun event at Pwn2Own, where HP ZDI staff will compete against Google staff to see who can hack browsers with new previously undisclosed exploits.
In the regular Pwn2Own event, researchers are awarded prize money for successful exploitation of Microsoft’s Internet Explorer 11, Mozilla’s Firefox, Apple’s Safari and Google’s Chrome Web browsers. This year’s Pwn2Own event will include a special $150,000 (£90,000) prize for a researcher who is able to successfully exploit IE 11 running on a 64-bit Windows 8.1 operating system, with the Enhanced Mitigation Experience Toolkit (EMET) running.
Brian Gorenc, manager of Vulnerability Research at HP’s Security Research division, told eWEEK that his team will be limiting itself to vulnerabilities discovered internally by members of the ZDI team.
“Vulnerabilities submitted through our external research community are out of scope for our entries,” Gorenc said. “ZDI is using any means necessary to find the flaws that can be used in the competition, with a goal of donating as much money to charity as possible.”
Gorenc said the charity attempts by ZDI and Google will be the first to go at Pwn2Own when the event starts on 12 March.
“Our goal is to ensure every contestant has equal opportunity to win,” he said.
As to why HP is now starting the Pwn4Fun event, Gorenc has a simple answer: “Why not?”
“Pwn2Own highlights some of the best exploit developers in the world,” Gorenc said. “This new session within Pwn2Own provides employees in both HP and Google with the ability to participate, show off their skills and donate a bunch of money to charity.”
He added, “It is a win-win for everyone.”
Are you a security pro? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…