Thursday, August 5, 2021

Zoom, Groups, Alternate, Chrome and Edge “absolutely owned” – Bare Safety

The annual Pwn2Own contest features live hacking where top cybersecurity researchers duke it out under time pressure for huge cash prizes.

Their quest: to prove that the exploits they claim to have discovered really do work under real-life conditions.

Indeed, Pwn2Own is a bug bounty program with a twist.

The end result is still responsible disclosure, where the affected vendor gets a chance to fix any flaws before they are made public, but the bug hunters don’t just submit their bug descriptions with a list of instructions for the vendor to follow and investigate.

The competitors are faced with a standardised, patched, vanilla configuration of the system they’re targeting, set up for them on hardware they didn’t choose themselves, and they have just 30 minutes in which to complete their attack during the competition.

That means there is very little time to adjust, adapt, rethink and rewrite code during the timed part of the event itself, so this really is a showcase for meticulous research, scrupulous preparation, careful rehearsal…

…mixed with a dash of je ne sais quoi and a dose of plain old luck.