The Daily Swig Web security digest

Pwn2Own returns with new targets and $2m prize pool

James Walker | 05 February 2018 at 16:29

Virtualization category expanded to include Oracle and Microsoft solutions in 2018.

Pwn2Own, the annual hacking contest run by Trend Micro’s Zero Day Initiative (ZDI), will return on March 14-16, complete with an expanded list of targets and its biggest-ever prize pool.

Now entering its second decade, Pwn2Own 2018 will once again take place during the CanSecWest conference in Vancouver, Canada. And thanks to a new partnership with Microsoft and sponsorship deal with VMware, this year’s event offers up to $2 million in cash and prizes to security researchers who can successfully demonstrate their attacks across various categories.

Web browsers, virtual machine guest-to-host escapes, servers, and enterprise applications return as targets in 2018. If this wasn’t enough for researchers to get their teeth into, the virtualization category has expanded to include Oracle’s VirtualBox, along with the Windows Insider Preview Challenge, which includes brand new targets for the company’s virtualization-based security stack.

“Server targets expand this year as well,” ZDI said in its event preview release. “Apache was included in last year’s event and is joined this year by NGINX, OpenSSL, and Windows SMB server. Over the years, we’ve seen some ground-breaking research demonstrated, so we can’t wait to see what contestants bring this year.”

Discussing the importance of hacking events for vendors looking to stress-test their latest innovations, David Weston, principle group manager of Windows and Devices Group Enterprise and Security, said: “With Windows as a Service (WaaS) shipping new security innovation to our customers this spring, Pwn2Own could not happen at a better time.

“We’re excited to have the best and brightest minds testing the limits of some of our flagship pre-release security technologies from the latest Windows Insider Preview for Business on our Surface Book 2 devices.”