CanSecWest 2013, a security conference held every year in Vancouver, British Columbia, may prove to be prime hunting grounds for hackers looking to discover and exploit browser plug-ins in a tight, totally patched environment. For once, however, they are being paid to perform their normally frowned-upon work.
At the PWN2OWN competition, contestants will have the opportunity to win sizeable prizes (ranging from laptops to $100,000.00) for carrying out exploits within fully patched browsers on fully patched computers. Browsers that will be tested include Microsoft's Internet Explorer, Mozilla's Firefox, Google's Chrome, and Apple's Safari. Prizes vary depending upon how difficult the organizers, backed by HP, believe each platform will be to exploit.
To claim their prize, each contestant will have to describe, in detail and in sequence, the vulnerabilities they exploited to “PWN” the equipment on which they will be working. Afterward, HP will claim rights to the exploit, and the contestant will be prohibited from sharing the information they garnered during the course of the competition.
In what appears to be an attempt to entice the hackers of the world to hack for, and not against, the technology powers that be, events such as PWN2OWN are becoming more and more common within the industry. With events like SparkFun's Free Day, an open invitation to inadvertently DDoS SparkFun's web servers, and Google's own Pwnium, which was Google's way of opting out of PWN2OWN last year due to policy concerns, the number of opportunities for hackers to earn massive prizes in a legitimate way is growing steadily with every passing year.