
Google Pledges Pi Million Dollars In Pwnium 3 Prizes

samzenpus posted about 2 years ago | from the puns-are-fun dept.

Google 60

chicksdaddy writes "Google cemented its reputation as the squarest company around Monday (pun intended), offering prizes totaling Pi Million Dollars — that's right: $3.14159 million greenbacks — in its third annual Pwnium hacking contest, to be held at the CanSecWest conference on March 7 in Vancouver, British Columbia. Google will pay $110,000 for a browser or system level compromise delivered via a web page to a Chrome user in guest mode or logged in. The company will pay $150,000 for any compromise that delivers 'device persistence' delivered via a web page, the company announced on the chromium blog. 'We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,' wrote Chris Evans of Google's Security Team."


First (0)

Anonymous Coward | about 2 years ago | (#42720505)

Be squared...

Needs to go to the cents... (4, Insightful)

sconeu (64226) | about 2 years ago | (#42720517)

$3,141,592.65 whould be better.

Re:Needs to go to the cents... (1)

Obfuscant (592200) | about 2 years ago | (#42720935)

I'd settle for e million.

Re:Needs to go to the cents... (1)

Anonymous Coward | about 2 years ago | (#42721115)

$3,141,592.65 whould be better.

Dude, why are you putting so much emphasis on the h?

The Tau of Pi (2)

aNonnyMouseCowered (2693969) | about 2 years ago | (#42721367)

We settle for Pi when you can have Tau?

http://tauday.com/ [tauday.com]

Re:The Tau of Pi (1)

chronokitsune3233 (2170390) | about 2 years ago | (#42723163)

I was just about to mention this. :-)

Tau > Pi

Re:The Tau of Pi (-1)

Anonymous Coward | about 2 years ago | (#42723391)

Oh, tau is so much better indeed. Why write pi * r^2 when you can have tau/2 * r^2? Or Euler's famous formula: exp(i * tau/2) - 1 = 0. And of course, it's a vast improvement to write the integral of exp(-x^2) from 0 to infinity as the square root of tau/8 rather than that of pi/4.

Re:The Tau of Pi (0)

Anonymous Coward | about 2 years ago | (#42723565)

I agree with your general point about tau but exp(i * tau/2) is -1 not 1 and exp(i * tau) - 1 = 0

Re:The Tau of Pi (0)

Anonymous Coward | about 2 years ago | (#42724791)

Well obviously you're not going to get neat equations by blindly substituting tau/2 for pi without even simplifying.

If you don't think tau/2 * r^2 is more elegant than pi * r^2 you don't do much math. Sure, it's slightly longer symbolically, but no one ever argued that all uses of Tau would make equations shorter, just that in general it's more semantically clear. So go on, *why* is the area of a circle pi * r^2 ? Is it obvious? Do you find it easy to visualize? Remember, pi is the ratio of circumference to diameter, not radius, so you've got a bit of juggling with your 2s and your halfs .... ...or you could just use tau, which is in terms of radius, which makes your equation tau/2 * r^2, which is familiar to anyone who's done calculus for more than a month as the integral of tau * r. Why tau * r? Because tau is a unit of measurement of *angles*, and one tau is a complete circle. So you sweep a radius through a complete circle and integrate it. Intuitive and straightforward.

As for Euler's formula, most people have no idea what it means and are not qualified to comment on its relative elegance with respect to alternative formulations. e ^ (theta * i) rotates around the origin on the complex plane. It starts at (1,0) and completes a revolution every time theta hits a multiple of tau (once again, a tau equals a complete turn). If you plug pi into theta, it only rotates halfway around, stopping at (-1,0). Adding a 1 thus does push it "right" and bring it across to 0, but is that really elegant? As another anonymous coward points out, e^(tau*i) - 1 = 0 just as well, by bringing it round a *complete* circle and then pushing it "left" to the middle.

Square? (1)

stewsters (1406737) | about 2 years ago | (#42720525)

Squarest? -1 troll? I would have gone well rounded.

Re:Square? (0)

Anonymous Coward | about 2 years ago | (#42720707)

Squarest? -1 troll? I would have gone well rounded.

To be fair, the person who wrote the article is just a reporter and probably failed at math in an American school.

From the article:

I'm an experienced writer, reporter and industry analyst with a decade of experience covering IT

First (0)

Anonymous Coward | about 2 years ago | (#42720543)

I think this idea is good because exploits on the open market are worth a lot less than what they are offering.

Niggers are criminals (-1, Troll)

SparrowOS (2792265) | about 2 years ago | (#42720553)

have fun with cereal box decoder rings and shit.

Exploits are worth more... (0)

Anonymous Coward | about 2 years ago | (#42720575)

Aren't exploits worth more than this?

It's about time (-1)

Anonymous Coward | about 2 years ago | (#42720607)

Google went and fucked themselves.
The bunch of tedious arseholes.

Cost of business (3, Interesting)

girlintraining (1395911) | about 2 years ago | (#42720649)

For exploits like that, the black market still pays somewhat better than Google is. All I'm saying is, if I were sitting on a chrome exploit that allowed remote code execution, I wouldn't sell it for a measly $150 grand. That's worth a couple million, easy.

Re:Cost of business (2)

kwerle (39371) | about 2 years ago | (#42720661)

I'll bite:
Where? Who is paying that kind of money?

Re:Cost of business (1)

SomePgmr (2021234) | about 2 years ago | (#42720721)

http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/ [forbes.com]

Chrome: $80-200k

Of course, one is legal and legit and the other is pretty evil. So for some people I imagine it's the only real option.

Re:Cost of business (1)

SomePgmr (2021234) | about 2 years ago | (#42720805)

I really should have said, I don't know that there's anything illegal about selling an exploit to your own government, even if it's through a broker (as is the case in the article).

But comparatively evil? I would say so. I think I'd rather get paid pretty well and just have Google fix the software for everyone.

Such activities are out of my league anyway, though.

Re:Cost of business (3, Insightful)

girlintraining (1395911) | about 2 years ago | (#42720825)

Chrome: $80-200k

Keep in mind, that's the sale price; it does not mean you get it exclusively. You can sell it to multiple parties, unlike Google.

Re:Cost of business (0)

Anonymous Coward | about 2 years ago | (#42720967)

Although there is a bit more risk dealing with that kind of business, and getting such payments even after you have found buyer(s).

Re:Cost of business (1)

cheater512 (783349) | about 2 years ago | (#42721169)

Who says you can't 'sell' it to Google too? They don't need to know it was you who sold it to botnet makers.

Re:Cost of business (1)

bobthesungeek76036 (2697689) | about 2 years ago | (#42721303)

Maybe you should read the article:

"...Each price assumes an exclusive sale, the most modern version of the software, and, of course, not alerting the software’s vendor..."

Re:Cost of business (1)

girlintraining (1395911) | about 2 years ago | (#42722947)

Maybe you should read the article:

Oh, I read it. I also saw a rather large blinking red arrow over the word "Assumed" that comes from real world experience with such things, unlike the journalist. Expecting a criminal to keep up his end of the bargain when there's potentially millions to be made selling to multiple parties is like expecting a terrorist to care his car bomb is taking up TWO parking spaces.

Re:Cost of business (1)

webmistressrachel (903577) | about 2 years ago | (#42723643)

I'm quite sure that any terrorist is likely to ensure that he takes great care over how his car bomb is parked, right down to the number of spaces.

First, he wants to ensure that bomb damages the target, and even more importantly the bomb has to go off.

Do you think somebody handbraking untidily across car parking spaces and jumping out in the way you imply isn't going to arouse suspicion? Obviously, he's unlikely to want to be caught, too, your analogy simply isn't working. Also, a lot of 'criminals' want to "go straight" and Google is offering them a perfect opportunity here.

Re:Cost of business (1)

girlintraining (1395911) | about 2 years ago | (#42723913)

Do you think somebody handbraking untidily across car parking spaces and jumping out in the way you imply isn't going to arouse suspicion?

In many locales, parking a car correctly and legally is out of the ordinary. Also... they tend to blow them up as soon as they're out of range... so I don't think anyone's going to call the bomb squad because someone double-parked... at least not before the boom.

Re:Cost of business (1)

webmistressrachel (903577) | about 2 years ago | (#42732885)

"In many locales, parking a car correctly and legally is out of the ordinary"

I'm not sure how many high-profile terrorist targets there are where parking properly would be out of the ordinary - but I'm pretty sure there's not many. Dump your van near our big mall in Manchester and you'd have people onto you fairly quickly. Through a combination of pedestrianisation and planned parking, the risk to the mall is greatly reduced. Can your town say this? Maybe if it's "out of the ordinary" to park normally near where you live, you need to look at your local planning and "safety by design, not force" policies.

Re:Cost of business (0)

Anonymous Coward | about 2 years ago | (#42730767)

NSA, FBI, Chinese Government, the mafia. They all need 0-days and have plenty of cash.

Re:Cost of business (1)

bobthesungeek76036 (2697689) | about 2 years ago | (#42720671)

And you would have to pay taxes on the $150K...

Re:Cost of business (1)

RedHackTea (2779623) | about 2 years ago | (#42721141)

Eh, I'd rather take the money legally.

How will you make the swap between money and code? You'll have to make 100% sure that the buyer is not an undercover FBI agent. If he's not, then you'll have to make 100% sure that you can trust the middleman so that you don't get gutted like a pig (buyer pays middleman half of what he would pay you for this). If the buyer and middleman check out, then you'll have to have a mechanism/person to verify the money. If all of that checks out, you'll never be able to put that money in the bank. You'll have to keep it under your mattress or move to another country.

So if you already have money (to buy the "verifiers" and bodyguards) and "good" connections and you no longer wish to see your friends/family (and don't mind looking over your shoulder for "black helicopters" for the rest of your life), then you're fine. Wait a second... Code Monkies are generally loners/outcasts... have a decent paying job... and are always paranoid anyway...

See you guys later!

Re:Cost of business (1)

DrEldarion (114072) | about 2 years ago | (#42721267)

It's not just about the money. You get:

1) Assurance that you'll actually get paid instead of completely ripped off.
2) Assurance that you won't be found out and brought up on legal charges.
3) The publicity that comes with Google publishing your name as someone who's better than they are at finding vulnerabilities.
4) The money.

Re:Cost of business (1)

jopsen (885607) | about 2 years ago | (#42723813)

It's not just about the money. You get:

1) Assurance that you'll actually get paid instead of completely ripped off.
2) Assurance that you won't be found out and brought up on legal charges.
3) The publicity that comes with Google publishing your name as someone who's better than they are at finding vulnerabilities.
4) The money.

5) The ability to sleep at night.

(Having a clear conscience isn't worthless, after all money is only money)

Re:Cost of business (1)

DragonWriter (970822) | about 2 years ago | (#42721551)

For exploits like that, the black market still pays somewhat better than Google is.

Yes, but if you get caught, you can lose anything you got paid (as the profits of crime) plus go to jail.

Whereas if you sell to Google, you get money, publicity that you can use openly outside of the black market world, and you don't have to worry about going to jail for it.

Also, some people have moral codes which would discourage selling exploits on the black market, but not seeking rewards through something like Pwnium.

Re:Cost of business (1)

RivenAleem (1590553) | about 2 years ago | (#42728413)

Isn't that what separates criminals from the rest of us? I know that I could earn more money doing illegal activities than where I work right now.

Pi Million Dollars? (5, Funny)

Anonymous Coward | about 2 years ago | (#42720681)

That just ain't rational.

Re:Pi Million Dollars? (3, Informative)

steelfood (895457) | about 2 years ago | (#42721163)

At least it's real.

Re:Pi Million Dollars? (1)

Anonymous Coward | about 2 years ago | (#42721259)

It's like, transcendental, man.

mis-misread that headline (0)

beep54 (1844432) | about 2 years ago | (#42720685)

At first, it looked like Google was offering a million dollars to the (Raspberry) Pi and I was gonna joke on that, but....

Re:mis-misread that headline (1)

YurB (2583187) | about 2 years ago | (#42721301)

Same here.

Too bad (-1)

Anonymous Coward | about 2 years ago | (#42720705)

It's not tau dollars.

That amount (0)

Anonymous Coward | about 2 years ago | (#42720747)

is irrational

They're going to have a problem with that. (1, Funny)

EmagGeek (574360) | about 2 years ago | (#42720763)

pi * 10E6 != 3141592.65

Rounding (1)

tanujt (1909206) | about 2 years ago | (#42720779)

The bank is going to round that pi up.

It'll be more like a pie.

Cheapskates (1)

bistromath007 (1253428) | about 2 years ago | (#42720851)

Are you telling me Google can't afford tau million dollars?

Re:Cheapskates (1)

Nemyst (1383049) | about 2 years ago | (#42720911)

Google were never really into taoism, but they sure like pie.

I'd like a slice of that Pi, please. (2)

plalonde2 (527372) | about 2 years ago | (#42721007)

But if they were really trying to be correct they'd have made the price Tau dollars.

Chrome is not full of holes... (0)

Anonymous Coward | about 2 years ago | (#42721137)

Reading comments here one would think that because such an exploit could potentially be worth more on the black, illegal, market, then it means everyone finding an exploit shall sell it to the mafia. So they kneejerk thinking: "software can never be secure, Chrome is full of holes and they're all for sale on the black market".

This is so wrong. That's not how it works.

The way it works is this: because Google is offering lots of money for exploits, there are a *lot* of white-hat security hackers that are going to try to find an exploit. These people would never have tried to hack Chrome with the intent to sell their exploit on the black market.

My guess is that very few exploits are going to be found because security was at least somehow in the mind of the Chrome developers (something that is sadly not true for most devs out there: security seems to nearly always be an afterthought).

I'll make a better one: find me one buffer overflow in the seL4 microkernel and I'll sell my apartment and give the money + all my economy to you. Wanna try? Oh, that's too bad: it has been formally proven that the seL4 microkernel is immune to buffer overflows using automated proof verification software (it found 160 bugs in 7 500 lines of code, but they've all been fixed now).

So, please, people... Stop thinking software insecurity and exploits are a fatality. They're not. It's just that hardly anyone does conceive software with security in mind.

Better than 'e' (0)

Anonymous Coward | about 2 years ago | (#42721203)

It would have been more appropriate to be a Googol [wikipedia.org].

Cracking, not hacking (2)

YurB (2583187) | about 2 years ago | (#42721399)

This is a cracking contest: the goal is to break stuff. If the goal was to write a new compiler or OS, then I would call it hacking. Yep, only geeks use that word that way, but isn't Slashdot a geeky site? I believe it's a good idea to promote the distinction between hacking and cracking, because otherwise Gnu/Linux (and possibly things like Wikipedia) could be called 'cancer' again. And yet they are the opposite.

Re:Cracking, not hacking (1)

MatrixCubed (583402) | about 2 years ago | (#42721765)

RTFW [wikipedia.org]

And stop being so goddamn pedantic.

Re:Cracking, not hacking (1)

YurB (2583187) | about 2 years ago | (#42723547)

Someone has to be "goddamn pedantic".

Re:Cracking, not hacking (1)

MatrixCubed (583402) | about 2 years ago | (#42726927)

You're absolutely right. Thanks for making the world a better place, one nitpick at a time.

Re:Cracking, not hacking (0)

Anonymous Coward | about 2 years ago | (#42722891)

The word has both meanings now. Get over it.

Re:Cracking, not hacking (2)

YurB (2583187) | about 2 years ago | (#42723585)

Exactly. It has both meanings, but most people don't know that. If we used the word more carefully, we'd be educating more people that there's some difference between those hackers who have built Gnu/Linux, and those who steal money from bank accounts. The problem is that most people don't know the other meaning. Why not let them know by occasionally using the 'cr' instead of 'h'? It's only one extra byte.

Re:Cracking, not hacking (0)

Anonymous Coward | about 2 years ago | (#42723767)

Keep fighting the good fight. We should not lose our language. We used to have freedom fighters, and are now left with terrorists.

Moreover, peers would have no reason to not reciprocate respect.

Raspberry Pi (1)

argee (1327877) | about 2 years ago | (#42721807)

Here, for a few seconds, I thought they were donating a million dollars to the
Raspberry Pi people. A noble cause in itself.

Alas, further reading disavowed me of *that* idea.

Re:Raspberry Pi (1)

arth1 (260657) | about 2 years ago | (#42724545)

Here, for a few seconds, I thought they were donating a million dollars to the
Raspberry Pi people. A noble cause in itself.

What would be noble about it?
Noble isn't a synonym for "donating to a non-profit".

Wouldn't that be the roundest company? (1)

fwc (168330) | about 2 years ago | (#42722955)

After all, a square company wouldn't know anything about circles....

Msoft (1)

empties (2827183) | about 2 years ago | (#42723841)

Meanwhile, Microsoft is offering a free copy of Windows 8 to anyone who cracks Windows 8. Accounting for pi percent of their anemic sales [zdnet.com] .

Apple should do this (1)

TheSkepticalOptimist (898384) | about 2 years ago | (#42725551)

Apparently Google is being sued in the EU because they found a way to exploit Safari's security and put device persistent cookies in spite of privacy settings.

Of course, Apple would go bankrupt if people actually started poking at Safari security.
