Talk:Pwn2Own

what is "At and Chrome" — Preceding unsigned comment added by 2600:6C5E:2F7F:7807:94E8:B1BA:269:DC1E (talk) 08:37, 18 August 2023 (UTC)

related information and links

 * Charlie Miller (security researcher)
 * some links can be found at favbrowser

mabdul 16:12, 10 April 2010 (UTC)

so where'd they get the silly name?
and what does it mean, if anything? —Preceding unsigned comment added by 134.223.116.201 (talk) 22:21, 8 June 2010 (UTC)

It has some significance in certain Internet circles, specifically the ones that the people participating in this contest frequent. The name is not an English name, and is in fact a L337 name. Specifically, the name comes from the L337 word "pwn" and the English word "own" (which pwn was derived from). The "2" part comes from the fact that "two", "to", and "too" are all pronounced the same, and therefore are sometimes all written as "2" on the Internet, especially when typing speed matters, such as when playing a video game. Charwinger21 (talk) 10:27, 17 January 2011 (UTC)

The the lack of a definition of "pwn2own" represents a glaring omission in my mind. I cannot find any definitive source on the definition, but here is what I propose for the text:


 * The name "pwn2own" is a compound word combining the slang leetspeak term pwn, which means to compromise or assume control of something (usually in the realm of information technology), the "2", which is shorthand for "to", and the standard English word "own". As is evident in the article, the name means to gain ownership of a host operating system by exploiting security flaws in web browsers. — Preceding unsigned comment added by General Ludd (talk • contribs) 17:09, 8 March 2011 (UTC)
 * Actually, the "own" part refers to the hackers being awarded the device they "pwn". --illythr (talk) 19:49, 8 March 2011 (UTC)

Page needs more info
I believe this page needs something more elaborate than "Contestants are challenged to exploit specific software." What are the rules? What is meant by exploit? (Remotely, something from the computer itself?)

Page needs more info
I believe this page needs something more elaborate than "Contestants are challenged to exploit specific software." What are the rules? What is meant by exploit? (Remotely, something from the computer itself?) Althepal (talk) 17:25, 10 March 2011 (UTC)

More info is coming!
Hey all, I've added additional detail to the 2007 contest. I frequently attend CanSecWest, I'm friends with Aaron Portnoy (who now runs the contest), and I work with Dino Dai Zovi (who won the contest in 2007). I'll be trying to clean up this entire article over the next few days. If you have any questions, just ask. Thanks! Dguido (talk) 02:40, 1 April 2012 (UTC)

Mobile pwn2own
Is this the right page to add info about mobile pwn2own 2012 at eusecwest? — Preceding unsigned comment added by 78.23.48.110 (talk) 22:36, 27 September 2012 (UTC)

Controversy with Google
"Pwn2Own defended the decision, saying that it believed that no hackers would attempt to exploit Chrome if their methods had to be disclosed." This statement is wrong, and it isn't even mentioned in the reference. The Pwn2Own contest was never about purchasing exploits, it was about demonstrating insecurities of mainstream software and submit a vulnerability to the ZDI program. The ZDI program was intending to back the TippingPoint IPS product which enables some remote defensive capability against some of these vulnerabilities and so was only interested in bugs that could be considered remotely triggerable.

In the ZDI program, it has always been up to the researcher whether they wished to submit a full weaponized exploit or just a proof-of-concept describing the vulnerability. Upon disclosure the weaponized exploit is always reduced to a pseudo-harmless proof-of-concept (defanged) to prevent a vendor from either leaking or abusing the tool. The Pwn2Own contest is simply mirroring the way the ZDI program has always worked, and so due to this policy of the ZDI we were not going to disqualify a user for not wanting to submit a weaponized exploit to the ZDI program+vendor as we were only interested in the remote aspect for the TippingPoint IPS product and to get the vulnerability fixed. This makes Pwn2Own just like iDefense's quarterly challenge just with more of a public face.

Google, as a vendor, wanted to only award a participant if they submitted the weaponized exploit and not just a proof-of-concept demonstrating the vulnerability. Since the exploit is not required to submit to the ZDI program, the amount awarded would've excluded what Google had originally offered to pay. To continue upon this conditional aspect of the rules would've possibly led to misreporting of the earnings won, and since we were not interested in the exploit as it is not a requirement of the ZDI program, there was a conflict of interest. This is why the contest was forked into Pwnium by Google. Simply that ZDI didn't care to see the exploit only the bug, and Google wanted the weapon in order to mitigate it in their browser. 66.68.161.156 (talk) —Preceding undated comment added 03:12, 8 September 2013 (UTC)

Contest 2012
The point system was added in order to add a more-dynamic feel to the Pwn2Own contest as opposed to the instant-fame style of the previous contests. In previous iterations of the contest, a single researcher could've had an arbitrary number of years to sit on a bug and code up an exploit. The original intention was to focus on the software being demolished and hopefully reporting to be focussed on bad software. Unfortunately, the audience was more interested in the participant as opposed to the software. So this new style of game, was intending to provide some stats on the real-world exploitation skill of each participant/team by adding more dynamic rules based on a time-limit. This should allow reporters to be able to write realistically about the exploitation skills of each participant.

The other group of participants at Contest 2012 were Willem Pinckaers (dvorak) and Vinco Iozzo (snagg) 66.68.161.156 (talk) —Preceding undated comment added 03:32, 8 September 2013 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 3 one external links on Pwn2Own. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Attempted to fix sourcing for http://cansecwest.com/
 * Added archive https://web.archive.org/20120301071036/http://pwn2own.zerodayinitiative.com:80/rules.html to http://pwn2own.zerodayinitiative.com/rules.html
 * Added archive https://web.archive.org/20120626144034/http://pwn2own.zerodayinitiative.com:80/status.html to http://pwn2own.zerodayinitiative.com/status.html

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 21:39, 30 January 2016 (UTC)