Feeds

back to article Google sets $2.7m Pwnium prize for cunning cracks for Chrome OS

The fourth Pwnium hacking competition will be held in March, and this year Google is offering some major prizes for anyone who can subvert its Chrome OS. And, for the first time, it's not as picky about its hardware. "Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose …

COMMENTS

This topic is closed for new posts.
Silver badge

I'd like to see someone crack Chrome or Chrome OS the way I run them

Google, being an ad company, has made Chrome and Chrome OS very friendly to online ads and plugins by default. I wonder if they would be much harder to crack the way I run them:

- AdBlock Plus, HTTPS Everywehere, and Ghostery extensions installed with all possible cookies and ads blocked;

- all plug-ins click-to-play only;

- java disabled

- all but whitelisted cookies destroyed on browser exit

I'm assuming that most pwnage will be due to the insecure nature of the default setup?

4
1

Roll up! Roll up! Step this way...

...and see your box ravaged just the same. Of the 2.5 successes that "Pinkie Pie" has had at previous Pwnium contests, at least 1.5 look as if they would have worked against your sort of config (and just possibly the other one would too - although you're blocking plugins & scripting code it was exploiting a defect in the controlling when native client code was allowed to run, so maybe it would bypass NoScript too).

It's worth a coffee-break to go through the details of the attacks - they're scary-good:

http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html

http://blog.chromium.org/2013/03/pwnium-3-and-pwn2own-results.html

http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html

1
0
Silver badge

Re: Roll up! Roll up! Step this way...

Holy Cow! That pinkie pie dude is freaking brilliant.

However, looks like my Chromebook would have been safe from all his attempts at pwnage. Two of them only worked against Chrome on a Windows machine, and his Chrome OS exploits were only partial exploits - he was able to point out some vulnerabilities, but he wasn't able to gain control of the system.

But there's no doubt - that dude is brilliant beyond belief.

2
0
JDX
Gold badge

Re: I'd like to see someone crack Chrome or Chrome OS the way I run them

They wouldn't be able to crack your computer if you unplugged it and buried it in a lead box either. Well done, you've metaphorically made yourself safe from athlete's foot by hobbling yourself.

1
0
Anonymous Coward

Re: I'd like to see someone crack Chrome or Chrome OS the way I run them

Isn't Chrome Linux based? Somehow I don't think the money will last long....

0
2
Silver badge
Boffin

Re: I'd like to see someone crack Chrome or Chrome OS the way I run them

@JDX - "Well done, you've metaphorically made yourself safe from athlete's foot by hobbling yourself."

I've hobbled myself by getting rid of ads and non-white-listed cookies and auto-play flash videos? You've got a weird definition of the term "hobbled".

3
0

"That figure's not random by the way, just Google geekery in action again. It's the value of the natural logarithm to the base e, although there's been some rounding in Mountain View's interpretation of the figure."

And someone else's interpretation in a finite number of digits doesn't round?

Go on, stop teasing.

0
0
Anonymous Coward

thumbs up here

Replaced a PC with a chromebook for a previously high maintenance relative and not had a single support call, they love it and constantly shout about how good it is to their bowling club friends.

0
0
This topic is closed for new posts.