Google Native Client Security/Hacking Contest – Win $8,192 USD!


What is Native Client?

Native Client is an open-source research technology for running x86 native code in web applications, with the goal of maintaining the browser neutrality, OS portability, and safety that people expect from web apps. We’ve released this project at an early, research stage to get feedback from the security and broader open-source communities. We believe that Native Client technology will someday help web developers to create richer and more dynamic browser-based applications.

About the contest

Do you think it is impossible to safely run untrusted x86 code on the web? Do you want a chance to impress a panel of some of the top security experts in the world? Then submit an exploit to the Native Client Security Contest and you could also win cash prizes, not to mention bragging rights.

What is the contest?

The goal of the contest is to test the security of Native Client.

To participate, you will need to:

  • Register yourself (or your team)
  • Download our latest build
  • Join the NaCl discussion group
  • Report the exploits you find to our team

When

You can register for the contest on Wednesday, February 25th 2009. The contest will end on Tuesday, May 5th 2009 at 11:59:59 Pacific time. Sign up early to start reporting exploits as soon as possible.

What’s in it for you

Participating in the contest means that you will engage with early stage research technology. In addition, your work will be reviewed by a panel of security experts from some of the world’s most renowned universities, chaired by Edward Felten of Princeton University. Finally, by submitting high impact bug(s), you will also have the chance to compete to win one of our five cash prizes, as well as the recognition of your peers.

Eligible participants that are ranked in the top 5 positions of the competition by Judges will receive the following awards in U.S. Dollars based on their rank:

1st prize: $8,192.00
2nd prize: $4,096.00
3rd prize: $2,048.00
4th prize: $1,024.00
5th prize: $1,024.00

Winning Entries will be announced on or about December 7th.

Details at:

http://code.google.com/contests/nativeclient-security/

Posted in: Hacking News, Secure Coding



4 Responses to Google Native Client Security/Hacking Contest – Win $8,192 USD!

  1. Deezy March 9, 2009 at 4:36 pm #

    How is this different than ActiveX?.. Other than it’s open and not done by MS

  2. navin March 9, 2009 at 5:19 pm #

    Very weird, what with fractals shown on the nativeclient page, and the weird number of $8192 for a prize… it's more of a "try to hack my app" kinda contest!!

  3. HyPnOtIcHaCkEr March 10, 2009 at 12:16 pm #

    1st prize: $8,192.00/1024=8
    2nd prize: $4,096.00/1024=4
    3rd prize: $2,048.00/1024=2
    4th prize: $1,024.00/1024=1
    5th prize: $1,024.00/1024=1

    It's all in megabytes…

  4. Morgan Storey March 10, 2009 at 12:16 pm #

    Deezy, I think Google would have put more thought into having a security model than the ActiveX guys did, who did it pre the big push for web security, and under a limited time frame. From a cursory glance it looks like it is running in a sandbox or virtual OS spawned by the client, something POSIX compatible.
    That being said, it looks cool, but I am not sure I like its security implications. Some really nifty stuff can be done with raw x86 code, and I am sure some pretty tricky viruses; break out of the sandbox and it is all over.