HP offers $150,000 for 'exploit unicorn' in Pwn2Own hacker competition

HP has been laying out the ground rules for the latest Pwn2Own contest and is offering a new prize of $150,000 to the cunning cracker who can get root access to a Windows 8.1 PC running Redmond's Enhanced Mitigation Experience Toolkit (EMET). "Last year we launched a plug-in track to the competition, in addition to our …

COMMENTS

This topic is closed for new posts.
Silver badge

Whatever.

Professionals don't play with toys at work.

1
11
Silver badge

Re: Whatever.

What.

1
0
Silver badge
Mushroom

Re: Whatever.

Ignore Jake, most people do, comes across as a 60 year old grey beard with the attitude of a 13 year old.

3
1

Re: Whatever.

Professionals do play with such toys at work, Jake; that's how we learnt to be so exceptional at what we do. If your work doesn't include fun and games you're in the wrong job!

1
0
Bronze badge
FAIL

Re: Whatever.

Not true, one can often find a Rubber Duck useful for debugging.

http://en.wikipedia.org/wiki/Rubber_duck_debugging

0
0

Re: Whatever.

IBM needs to get into this game too.

The talk below is on TN3270 exploits.

http://bit.ly/1aJ08dn

0
0
Anonymous Coward

HP - come on spill the beans

I can't see why HP would pay for Microsoft exploits.

So it looks like Microsoft have so little faith that they prefer to do it through a 3rd party!

5
2
Anonymous Coward

EMET - a utility that helps prevent vulnerabilities in software from being successfully exploited.

Maybe it is something that cripples the PC to be usable,

otherwise it would be standard.

Methinks it is a crutch.

4
3
Silver badge

Re: EMET - a utility that helps prevent vulnerabilities in software blah blah

No, it does work and works very well. Unfortunately a lot of companies and domestics are using old software and old code that isn't approved for use with modern memory security standards and other standard techniques that EMET employs. Most of what EMET enforces should have been standard coding practice for the past 10 years or so.

If MS installed it as standard set to maximum there would be mass carnage and complaints as corporations found that Office 2003 and other such vintage software or even their own badly written in-house application would no longer work. Sure you can tweak EMET to allow them to work but it would be too much for Joe Average.

I wish they would install it as standard but the IT press would slaughter them. Damned if you do....

I've been using it on a lot of my machines for about a year now.

6
3
Silver badge

Re: EMET - a utility that helps prevent vulnerabilities in software blah blah

"...there would be mass carnage and complaints as corporations found that Office 2003 and other such vintage software or even their own badly written in-house application would no longer work."

I live it every day. The sheer magnitude of kludge out there is breathtaking.

3
0
Bronze badge
Facepalm

Re: EMET

"Maybe it is something that cripples the PC to be usable, otherwise it would be standard"

So it's akin to SELinux?

3
1
Silver badge

I'm surprised that more vendors aren't involved

After all, $150k is less than HP, Dell, Acer or Lenovo would spend on a 30 second TV ad.

5
0
Silver badge

Re: I'm surprised that more vendors aren't involved

Or more than AMD would spend in a year!

0
1

I was surprised it was so high for Java. I was seriously expecting to read this:

Cracking Java on a similar system will net $3 to a nimble-fingered security specialist.

6
1
Bronze badge

Oracle Cheapskates; Java's Worst In Class Security

Damn pompurin! I was going to throw a shot at Oracle for being so cheap in their Java exploit award, but you totally outdid me. And of course, as we all know, it's specifically Java that's the single most dangerous software we can run on our computers.

Hey Oracle: How about offering a $Million for whoever can permanently return Java to actual sandboxing forever. But you don't care, do you.

2
0
Silver badge

Re: Oracle Cheapskates; Java's Worst In Class Security

The amazing thing about Java is that 90% of the machines it's installed on and compromising don't actually need it installed in the first place.

If someone wrote a 'virus' that just simply uninstalled Java without the user noticing, it would be the biggest step forward in computer security to date.

1
0
Bronze badge
Linux

Re: it would be the biggest step forward in computer security to date.

The next step forward would be to write a virus that replaces WindblowZE installs with Linux.

</snark>

2
2
Silver badge

Java contestants

Entry is limited to kids 12 & under.

1
0

HP must be joking. Who in their right mind would reveal an exploit that bypasses EMET and Win8 for a lousy 150k? Should pull $500k from the NSA or GCHQ via the grey market. Possibly much more. Perfectly legal cash and enough to, after taxes, buy a decent house, provide an adequate retirement or purchase a new Ferrari to crash shortly thereafter.

1
0
Coat

Surely the successful hacker known as Pinkie Pie must be a shoo-in for this equine prize?

Mine's the one with the rainbow-coloured hood, thanks.

1
0