Pwn2Own 2017 Takes Aim at Linux, Servers and Web Browsers

>For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.

eweek.com/security/pwn2own-2017-takes-aim-at-linux-servers-and-web-browsers.html

Wow, pretty interesting to see what will come of this.

good, they'll find bugs and the resulting patches for them will make Linux more secure

>idiots on Sup Forums will still say 'lol linux=insecure' even after bugs and exploits are found and fixed

Sup Forums is going to be overrun with more Sup Forumsedditors than usual with garbage shitpost threads.

Yep
I'm actually interested in what they'll find
What?

There's nothing to be overrun, if you haven't noticed, there hasn't been a reasonable thread here in a very long time.

This is actually a good thing, anything they dig up will be immediately fixed.

Shit like gets posted by unfunny Sup Forumsedditors every time a linux exploit is found.

don't act like you'll be able to tell the difference

Sup Forums tends to go more about muh gaymes and other trash they use windows for.

lol linux is an insecure piece of shit (just like its users)

...

LINUX BTFO
LINUX IS FINISHED AND BANKRUPT

>ubuntu
lol shouldn't be that difficult

>Implying you can do anything similar

It's not Linux that will be more secure, it's that the bugs will be fixed in webservers such as nginx, apache and so on, resulting in a more bugfree ecosystem, but I highly doubt that Linux itself, or any other kernel for that matter would be responsible for a bug in say, apache

yeah it will be.

>There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10

that sounds a lot like they'll be looking for things like local escalation-of-privilege attacks and stuff

f**king PWND n00bs XD

Would $200,000 be worth it for a greyhat?

I mean, you get the notoriety (plus it'd look killer on your resume/CV) and 200k in cold hard, legal cash but I imagine a blackhat could sell a remote apache vuln for much more.

I'd say yes. A big bounty like that is enough of a feather in your cap to get you some pretty lucrative security jobs. The blackhat route might pay more, but to keep getting paid you need to keep finding holes.

Guess it depends on your risk/reward appetite though

>tfw could easily do this but too lazy

Why you gotta lie to yourself

Is that what you told yourself in high school

/thread

Wait, did Canonical ever even release 16.10?

Good shite.

Bounties are a great way of rushing your devs to fix stuff if you have the money.
Goat model of open source development here.

>Researchers that target Linux will be awarded $15,000 if they can leverage a kernel vulnerability to escalate privileges. The same feat on Windows will earn a researcher $30,000, while a macOS escalation of privilege will be rewarded with $20,000.

You'd think that in the grand scheme of things finding a kernel vulnerability in Linux would be worth more than that of Windows or macOS

Far more people run Windows and even macOS.

And how many of these Windows and macOS OSes run a service that would enable you to remotely execute such a vulnerability?

I doubt these people are interested in someone physically attacking the machine, no?

many of those Windows and Mac machines have a dumb user who will execute your code for you. Show of hands, who here has had to teach a normie that they shouldn't run random programs they find on shady sites?

Most Linux machines are servers who have a sysadmin looking after them. Who is at least somewhat more competent than your average grandma about securing shit.

>15k for linux privesc
>30k for windows privesc

that's all they're worth? must be a lot of them out there.