// Home / News / Security

Hacking contest focuses on patching rather than speed

By Nicole Kobie

Posted on 24 Jan 2012 at 09:36

Hacking is no longer about how fast you do it, but how completely - that's the message coming from changes to a major hacking competition.

One of the most-watched security contests of the year, Pwn2Own targets browsers, offering big prizes to whichever researcher can get through a system first.

This year, the contest has been changed to "more closely reflect the value of the exploits demonstrated," according to contest organisers HP Tipping Point, which said the new version would be a "welcome change both for the competitors as well as the spectators at the event".

What we had been ignoring is the fact that it's really important to actually patch vulnerabilities

Previously, the first researcher to hack a specific browser has won. This year, it's not a race to the finish; there will be only three winners, with their success based on points accumulated over the three day competition.

The contest will award 32 points for a fresh zero-day exploit, but will also announce vulnerabilities at the start of the competition, and award ten points to every working exploit created - showing the importance of patching old flaws, the company said.

"In the past, Pwn2Own has shown the importance of zero-day vulnerabilities and the fact that at any given time you are susceptible to attack regardless of your patch level," Aaron Portnoy, manager of the Security Research Team at HP TippingPoint, told InternetNews. "What we had been ignoring is the fact that it's really important to actually patch vulnerabilities."

As usual, the contest will target browsers Internet Explorer, Firefox and Chrome on Microsoft's Windows 7 or Safari on Apple's Mac OS Lion. Last year, IE and Safari were both successfully hacked, while Firefox and Chrome were not.

HP is offering $105,000 in prizes - with $60,000 plus a laptop to first place - while Google has for the second year running offered an extra $20,000 per qualifying Chrome bug.

The contest starts on 7 March at CanSecWest in Vancouver, Canada.

Subscribe to PC Pro magazine. We'll give you 3 issues for £1 plus a free gift - click here

From around the web

User comments

"Previously, the first researcher to hack a specific browser has one"

One what?!

By mulvaney on 24 Jan 2012

Too many commas

This year , it's not a race to the finish, with only three winners, based on their points accumulated over the three day competition.

You expect journalists to at least have a fundamental understanding of the English language. So many parts of this report are so badly written it makes it hard to figure out what the point of writing it was.

By SwissMac on 24 Jan 2012

(substitute taking a big breath for each comma and see how fluently the sentence does not flow after that.)

By SwissMac on 24 Jan 2012

@SwissMac - think a word was missing, but not entirely sure which one. Have fixed it, thanks for flagging.

By Nicole_Kobie on 24 Jan 2012

OMG

Dont worry about it Nicole keep up the good work. I believe the point of this article was to enlighten readers on the changes to the competition this year, a perfectly good reason in my eyes. SwissMac has nothing better to do than be a Trol (and a bad one at that)

By HolisticLA on 25 Jan 2012