Teenage Hacker Scores $60,000 From Go...

Teenage Hacker Scores $60,000 From Google

Posted in the Top Stories Forum

Since: Oct 12


#1 Oct 12, 2012
A teenage hacker who goes by the name of “Pinkie Pie” will receive $60,000 in prize money from Google, by producing the first Chrome vulnerability at the Hack in the Box conference on Wednesday. The exploit was discovered and successfully launched just ahead of the deadline for completion, according to early reports from the event. Before awarding the cash prize, Google had to first verify and confirm the vulnerability – which it just now did, the company tells us via email. More details have also been posted to the Google Chrome blog.
According to the blog post, the hack involves the following exploit:
[$60,000][154983][154987] Critical CVE-2011-2358: SVG
use-after-free and IPC arbitrary file write. Credit to Pinkie Pie.
Google has set aside $2 million in prize money for hackers who find security vulnerabilities in its Chrome web browser, with $60,000 being reserved for those who find “full Chrome exploits.”$50,000 which is offered for partial exploits, and $40,000 for non-Chrome exploits – that is, other bugs found in Flash, Windows, or a driver that are not necessarily specific to Chrome, but could cause issues for users. Google said in February that it would awards those latter prizes because it also served the company’s overall mission of “making the entire web safer.”(The prize amounts have since changed.) Incomplete exploits may also be rewarded, based on judges’ decisions.
This is the second time “Pinkie Pie” has earned the top prize. In March, the hacker also earned $60,000 in the first “Pwnium competition”(as the event is called) by stringing together six vulnerabilities in order to break out of Chrome’s sandbox. According to a report from Infoworld, the hacker was not attending the Hack in the Box event this week, but had a colleague submit his latest entry for him.
In case you’re curious, the hacker is only identified by his handle “Pinkie Pie” because his employer doesn’t authorize his activity, noted Wired in March.(And yes,“Pinkie Pie” refers to the My Little Pony TV show, which has quite the following on Reddit).
Google has been offering cash rewards for those discovering security vulnerabilities and other bugs for some time. In March 2010, for example, the company began offering bounties for bugs found in the open-source browser Chromium (Chrome’s code base), which started at $500 and went up to $1,337 (yep,“leet” in hacker lingo).

Tell me when this thread is updated:

Subscribe Now Add to my Tracker

Add your comments below

Characters left: 4000

Please note by submitting this form you acknowledge that you have read the Terms of Service and the comment you are posting is in compliance with such terms. Be polite. Inappropriate posts may be removed by the moderator. Send us your feedback.

Top Stories Discussions

Title Updated Last By Comments
News Plurality of Americans think Trump is failing (Mar '17) 17 min Deep Grope 65,130
privates on snapchat for paypal? 22 min sugarrrr babyyyy 1
Mike Tyson: the most FEARED Boxer of All-Time 23 min Doctor REALITY 68
Flights 77 and 93: America's SECRET SHAME 35 min Doctor REALITY 207
Trumps wants to fire Mueller, but he won't dare 40 min Doctor REALITY 18
help starting a local support group 1 hr Thunderware 1
News Roman Catholic church only true church, says Va... (Jul '07) 2 hr PadMark 697,980
Why I’m no longer a Christian (Jul '08) 3 hr Dang Jersey Piney 446,522
Prove there's a god. (Mar '08) 8 hr Dang Jersey Piney 994,257