January 30, 2014
When considering sustainability, vulnerabilities are key. It is prudent to ask what are the factors that prevent or disrupt sustainability, long-term health. Organizations are very good at looking out and seeking solutions for prevention such as, firewalls, alarms, cameras, detection, key cars, scans, algorithms yet, sustainability requires seeking gaps. One step is to unleash the hounds as “Google’s ready to give away over $2.7 million to folks that hack Chrome OS successfully” and pay to identify your weaknesses.
Google hosts the Pwnium 4 competition. “Google’s been holding these Pwnium contests for years as a means to crowdsource the finding of security bugs in both the Chrome browser and Chrome OS. This year, like last year, Google’s offering $110,000 for each “browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page,” and $150k to anyone who can “compromise with device persistence: guest to guest with interim reboot, delivered via a web page.” Plus, there are “significant” bonuses available for “particularly impressive or surprising” exploits — so feel free to get creative, folks. Would-be winners should also know that the offers are good for hacks performed on the ARM-based HP Chromebook 11 or the Intel-packing Acer C720, and you’ve gotta register by 5PM Pacific Time on March 10th to compete.
Chromium Security Reward Program
NO PURCHASE NECESSARY TO ENTER OR WIN. VOID WHERE PROHIBITED. CONTEST IS OPEN TO RESIDENTS OF THE 50 UNITED STATES, THE DISTRICT OF COLUMBIA AND WORLDWIDE, EXCEPT FOR RESIDENTS OF ITALY, BRAZIL, QUEBEC, CUBA, IRAN, SYRIA, NORTH KOREA, and SUDAN.
ENTRY IN THIS CONTEST CONSTITUTES YOUR ACCEPTANCE OF THESE OFFICIAL RULES.
The Pwnium4@CanSecWest2014 Chromium Security Reward Program (“Program”) is a skill contest designed to encourage involvement in improving the security of the Chromium project. Entrants submit original and unreported exploits relying on security bugs in Chrome OS including Chrome coupled with Flash / Chrome OS kernel and firmware / default apps on Chrome OS (an “Exploit”). The Exploits entrants develop will be evaluated by judges, who will award rewards to entrants who submit full and reliable Exploits (or Incomplete Exploits, as described below) with critical impact as determined in the sole discretion of the Judges.
1. BINDING AGREEMENT: In order to enter the Program, you must agree to these Official Rules (“Rules”). Therefore, please read these Rules prior to entry to ensure you understand and agree. You agree that submission of an Exploit in the Program constitutes agreement to these Rules. You may not submit an Exploit to the Program and are not eligible to receive the rewards described in these Rules unless you agree to these Rules. These Rules form a binding legal agreement between you and Google with respect to the Program.
2. ELIGIBILITY: To be eligible to enter the Program, you must be: (1) above the age of majority in the country, state, province or jurisdiction of residence (or at least twenty years old in Taiwan) at the time of entry; (2) not a resident of Italy, Brazil, Quebec, Cuba, Iran, Syria, North Korea, or Sudan; (3) not a person or entity under U.S. export controls or sanctions; and (4) have access to the Internet as of January 23rd, 2014. Contest is void in Italy, Brazil, Quebec, Cuba, Iran, Syria, North Korea, Sudan), and where prohibited by law.
Employees, interns, contractors, and official office-holders of Google, and their parent companies, subsidiaries, affiliates, and their respective directors, officers, employees, advertising and promotion agencies, representatives, and agents (“Program Entities”), and members of the Program Entities’ and their immediate families (parents, siblings, children, spouses, and life partners of each, regardless of where they live) and members of the households (whether related or not) of such employees, officers and directors are ineligible to participate in the Program. Google reserves the right to verify eligibility and to adjudicate on any dispute at any time.
If you are entering as part of a company or on behalf of your employer, these rules are binding on you, individually, and/or your employer. If you are acting within the scope of your employment, as an employee, contractor, or agent of another party, you warrant that such party has full knowledge of your actions and has consented thereto, including your potential receipt of a reward. You further warrant that your actions do not violate your employer’s or company’s policies and procedures.
3. SPONSOR: The Program is sponsored by Google Inc. (“Google” or “Sponsor”), a Delaware corporation with principal place of business at 1600 Amphitheatre Parkway, Mountain View, CA, 94043, USA.
4. PROGRAM PERIOD: The Program begins at 10:00:00 A.M. Pacific Time (PT) Zone (in Vancouver, Canada) at CanSecWest 2014 on March 12th, 2014 and ends at 12:00:00 P.M. PT on March 12th, 2014 (“Program Period”). Google may extend the Program Period in its sole discretion. ENTRANTS ARE RESPONSIBLE FOR DETERMINING THE CORRESPONDING TIME ZONE IN THEIR RESPECTIVE JURISDICTIONS.
Read more of the official Rules.