Pwn2Own hacking contest revamped this year

This year's version of the Pwn2Own hacking competition will see a major facelift in terms of the scoring system and target. For one, the targets will basically be narrowed down to the four major web browsers. And instead of being a race to successfully pull off a zero-day attack, the tiered scoring system will encourage team play and reward technical hacking skills.

The organizers obviously want to avoid sensationalist headlines such as "Mac hacked in three seconds." Speaking to security site Dark Reading, Aaron Portnoy, director of Zero Day Initiative, said, "Unlike in prior years, if someone finds a zero-day, the target is not removed from the contest anymore and you can go after anything you want...and continually attack anything."

To make things more challenging, Portnoy outlined the inclusion of a new twist designed to test overall hacking proficiency: "On the first day of the contest, we will announce two patched vulnerabilities per target that my team has confirmed are exploitable. We will give out a virtual machine with the targeted browser, and the proof-of-concept that triggers it, but not the exploit."

Ultimately, the new contest rules reflect the growing importance of the web browser as a platform and cast the spotlight on how it can be used to break past traditional corporate defenses. The top-scoring team can also expect to take home a larger prize of $60,000, while the second and third prize will be $30,000 and $15,000 respectively. The full rules for the contest can be found published here.

The competition is to be held from March 7 to 9 at CanSecWest 2012.

For more:
- check out this article at Dark Reading
- check out this article at Computerworld

Related Articles:
Google offers $20k for Chrome hack in Pwn2Own
Apple laptop batteries can be hacked and destroyed