The annual Pwn2Own hacking contest has been so merciless at thrashing the security of popular computing products that most vendors groan when they learn their wares will be entered. Not Google. When the search company recently learned that its Chrome browser wasn't going to be included in this year's competition, which is …
"like a condom"?
Yes, I see it now. A faraday cage is just like a condom. Now I understand.
...in that it stop unwanted stuff leaking out in the wrong place.
Yeah, if you want to get important work done, it's the place to be...
I often retreat to my big latex room with gossamer-thin walls, in order to concentrate. I'm not sure if its the total inability to block out sound that does it, for me, or the banana-flavoured liquid that periodically drips from the ceiling.
I think this simile deserves to go up on the Great Wall of Bad Computer similes - somewhere in between 'Any Car Analogy' and the BBC's infamous "CPU is like the brain of a computer".
I always wear a faraday cage when I'm rooting a new host.
The isolation booth is like a condom
And henceforth shall be named so.
Opera is excluded
Because all the hackers in Pwn2Own use Opera and have already tried it.
... because they only want browsers people actually use.
(Seriously though, as a former OS/2 user I know how you guys feel.)
Because of the eula, allegedly.
Come on have you read that thing!
user numbers? les the 1% so they dont count?
Opera is excluded...
...because both users are participating the competition.
This is a brilliant way to validate a products security. When there is actual money on the line (plus the more onerous and embarrassing press coverage if flaws are found) corporate programmers are motivated to do a good job before release.
White hat hackers now have a forum to grow in talent/experience and make a few bucks to boot.
When flaws are found the companies are there to understand the issues instantly and they can be fixed quickly and economically as well. Thumb up lads. Keep it up.
>This year's contest rules will be roughly the same, except that a phone running the Symbian operating system has been replaced with one running Windows Phone 7. Prizes for browser hacks have also been increased to $15,000.
2nd price is 2 of the Windows Phone 7.
"Since then, Google has also paid more than $14,000 in bounties to researchers who uncovered security bugs in the browser."
Imagine the cost if Microsoft did that.
It's not about the security
This is a marketeering excercise. Every bounty is good publicity, and as marketeering budgets go, this is pocket change. Especially for ad giant google, who sit on a lot of cash but are limited in how much they can use their own ad delivery systems to promote themselves; it might easily backfire and cost them sales and credibility elsewhere.
Besides, the original was a marketing excercise too, for tipping point. The reason chrome was first excluded ("it's webkit based") is reasonable sounding bunk as the sandbox feature ought to've made it extra interesting if it _was_ about the security. But it wasn't.
Why this cannot be about security is equally simple: As a concept for securing applications, finding holes and plugging them before somebody else finds them and abuses them is, if you look at the probabilities, a losing game. We know that, the IT security showbiz knows that, but nobody is going to stop because the money's too good and it gives more tangible "results" than just writing proper code in the first place. (Banks and "due dilligence", anyone?) Even if at the end of the day that fresh patch means very little indeed in the greater scheme of securing the application.
So this is a bit of a ballsy move for google to hijack tipping point's show like that, but all the more effective for all that. I wouldn't be surprised if another fat envelope was passed backstage to sweeten the deal some more. What this'll mean for firefox --recall where mozilla gets the bulk of its income from-- in the long term remains to be seen.
- Product round-up Coming clean: Ten cordless vacuum cleaners
- Something for the Weekend, Sir? I need a password to BRAKE? What? No! STOP! Aaaargh!
- Episode 13 BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
- Vulture at the Wheel Ford's B-Max: Fiesta-based runaround that goes THUNK
- Worstall @ the Weekend BIG FAT Lies: Porky Pies about obesity