This year's Pwn2Own competition, held at the CanSecWest conference in Vancouver, challenged leading security experts to find previously undiscovered vulnerabilities in some of the market's leading Web browsers. The cast of characters included Internet Explorer 8, Firefox 3, Safari, and Google Chrome. The competition, which is quickly becoming a staple of the annual conference, awards contestants a combination of cash prizes and laptops to those who successfully unearth new bugs.
Pwn2Own is not just a bunch of rogue hackers trying to break the latest browsers. It is, in fact, much more productive than that. The contest's sponsor, TippingPoint, provides details of each discovered vulnerability to the respective browser vendors and does not disclose its details until a patch is released. In a sense, this competition provides a very valuable service to browser security as a whole.
The big winner this year was a German student, only known by the alias Nils, who won a total of $15,000 as well as a Sony Vaio for his efforts. Nils was able to remotely exploit vulnerabiliites in IE8, Firefox, and Safari for OS X. Another serious flaw was discovered in Safari for OS X by security analyst Charlie Miller, who took home $5,000 and a brand new Macbook.
There was a browser that wasn't pwned this year, no matter how hard the experts tried to crack it. Google Chrome, a relatively new browser that just hit the scene back in September, stood strong under pressure with no legitimate exploits unveiled. This is a pretty impressive feat, considering the brain power and experience of the folks that were pitted against it. In a separate portion of Pwn2Own, no vulnerabilities were discovered in the mobile browser realm. This part of the contest offered $10,000 as well as a new mobile device to the potential winner.(Photo © vacuum3d - #27161631/stockxpert)