>For the first time in its ten-year history, the annual Pwn2Own hacking competition is taking direct aim at Linux. Pwn2Own in the past has typically focused mostly on web browsers, running on Windows and macOS. There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10. The bigger prize though is a massive $200,000 award for exploiting Apache Web Server running on Ubuntu.
Wow, pretty interesting to see what will come of this.
Jason Miller
good, they'll find bugs and the resulting patches for them will make Linux more secure
James Clark
>idiots on Sup Forums will still say 'lol linux=insecure' even after bugs and exploits are found and fixed
Ryder Hernandez
Sup Forums is going to be overrun with more Sup Forumsedditors than usual with garbage shitpost threads.
Gavin Mitchell
Yep, I'm actually interested in what they'll find.
What?
Christian Rodriguez
There's nothing to be overrun, if you haven't noticed, there hasn't been a reasonable thread here in a very long time.
Asher Hernandez
This is actually a good thing, anything they dig up will be immediately fixed.
Jaxon Adams
Shit like gets posted by unfunny Sup Forumsedditors every time a linux exploit is found.
Luke Taylor
don't act like you'll be able to tell the difference
Gavin Howard
Sup Forums tends to go more about muh gaymes and other trash they use windows for.
Cooper Richardson
lol linux is an insecure piece of shit (just like its users)
Dominic Lewis
...
Justin Ortiz
LINUX BTFO LINUX IS FINISHED AND BANKRUPT
Charles Roberts
>ubuntu
lol shouldn't be that difficult
Henry Sanchez
>Implying you can do anything similar
Cameron Turner
It's not Linux that will be more secure, it's that the bugs will be fixed in webservers such as nginx, apache and so on, resulting in a more bugfree ecosystem, but I highly doubt that Linux itself, or any other kernel for that matter would be responsible for a bug in say, apache
Matthew Green
yeah it will be.
>There is a $15,000 reward for security researchers that are able to get a local user kernel exploit on Ubuntu 16.10
that sounds a lot like they'll be looking for things like local escalation-of-privilege attacks and stuff
Charles Davis
f**king PWND n00bs XD
Samuel Thompson
Would $200,000 be worth it for a greyhat?
I mean, you get the notoriety (plus it'd look killer on your resume/CV) and 200k in cold hard, legal cash but I imagine a blackhat could sell a remote apache vuln for much more.
Dylan Bell
I'd say yes. A big bounty like that is enough of a feather in your cap to get you some pretty lucrative security jobs. The blackhat route might pay more, but to keep getting paid you need to keep finding holes.
Guess it depends on your risk/reward appetite though
Thomas Green
>tfw could easily do this but too lazy
Asher Lee
Why you gotta lie to yourself
Jeremiah Peterson
Is that what you told yourself in high school
Samuel Cook
/thread
Joshua Stewart
Wait, did canonical ever even release 16.10?
Kayden Scott
Good shite.
Bounties are a great way of rushing your devs to fix stuff if you have the money. Goat model of open source development here.
Sebastian Hernandez
>Researchers that target Linux will be awarded $15,000 if they can leverage a kernel vulnerability to escalate privileges. The same feat on Windows will earn a researcher $30,000, while a macOS escalation of privilege will be rewarded with $20,000.
You'd think that in the grand scheme of things finding a kernel vulnerability in Linux would be worth more than that of Windows or macOS
Henry James
Far more people run Windows and even macOS.
Noah Adams
And how many of these Windows and macOS OSes run a service that would enable you to remotely execute such a vulnerability?
I doubt these people are interested in someone physically attacking the machine, no?
Jeremiah Wilson
Many of those Windows and Mac machines have a dumb user who will execute your code for you. Show of hands, who here has had to teach a normie that they shouldn't run random programs they find on shady sites?
Most Linux machines are servers who have a sysadmin looking after them. Who is at least somewhat more competent than your average grandma about securing shit.
Levi Perez
>15k for linux privesc
>30k for windows privesc
that's all they're worth? must be a lot of them out there.