|
 |
Blogs |
|
|
|
|
|
|
 |
Michael P. from
Seneca College,
Seneca@York wrote at
January 11, 2007
Send Link: http://studentsmetro.com/blg/blogDetails.php?blogID=229
|
|
|
idefense pays $8000 for hacking windows.
|
|
Vulnerability Challenge:
Both Microsoft Internet Explorer and Microsoft Windows dominate their respective markets, and it is not surprising that the decision to update to the current release of Internet Explorer 7.0 and/or Windows Vista is fraught with uncertainty. Primary in the minds of IT security professionals is the question of vulnerabilities that may be present in these two groundbreaking products.
To help assuage this uncertainty, iDefense Labs is pleased to announce the Q1, 2007 quarterly challenge. iDefense will pay $8,000 for each submitted vulnerability that allows an attacker to remotely exploit and execute arbitrary code on either of these two products. Only the first submission for a given vulnerability will qualify for the award, and iDefense will award no more than six payments of $8,000. If more than six submissions qualify, the earliest six submissions (based on submission date and time) will receive the award. The iDefense Team at VeriSign will be responsible for making the final determination of whether or not a submission qualifies for the award. The criteria for this phase of the challenge are:
Technologies Covered:
-Microsoft Internet Explorer 7.0
-Microsoft Windows Vista
Vulnerability Challenge Ground Rules:
-The vulnerability must be remotely exploitable and must allow arbitrary code execution in a default installation of one of the technologies listed above
-The vulnerability must exist in the latest version of the affected technology with all available patches/upgrades applied
-`RC` (Release candidate), `Beta`, `Technology Preview` and similar versions of the listed technologies are not included in this challenge
-The vulnerability must be original and not previously disclosed either publicly or to the vendor by another party
-The vulnerability cannot be caused by or require any additional third party software installed on the target system
-The vulnerability must not require additional social engineering beyond browsing a malicious site
Working Exploit Challenge:
In addition to the $8,000 award for the submitted vulnerability, iDefense will pay from $2,000 to $4,000 for working exploit code that exploits the submitted vulnerability. The arbitrary code execution must be of an uploaded non-malicious payload. Submission of a malicious payload is grounds for disqualification from this phase of the challenge.
Technologies Covered:
-Microsoft Internet Explorer 7.0
-Microsoft Windows Vista
Working Exploit Challenge Ground Rules:
Working exploit code must be for the submitted vulnerability only - iDefense will not consider exploit code for existing vulnerabilities or new vulnerabilities submitted by others. iDefense will consider one and only one working exploit for each original vulnerability submitted.
The minimum award for a working exploit is $2,000. In addition to the base award, additional amounts up to $4,000 may be awarded based upon:
- Reliability of the exploit
- Quality of the exploit code
- Readability of the exploit code
- Documentation of the exploit code
(Text from: idefense.com)
When they`ll post the results, I`ll let you know! |
|
|
|
|
|
|
|
|
|
|
Stumble It!
