Pwn2Own 2020 was moved online because of Covid-19, and hacks were demonstrated against Ubuntu, VirtualBox and more

Pwn2Own is a hacking contest held every year at the CanSecWest security conference, starting in 2007. Participants face the challenge of exploiting widely used software and mobile devices through previously unknown vulnerabilities.

Winners of the contest receive the device they exploited, a cash prize, and a "Masters" celebrating the year of their win. The name "Pwn2Own" comes from the fact that participants must "pwn", or hack, the device in order to "own" it, or win it.

The Pwn2Own contest serves to demonstrate the vulnerability of widely used devices and software, and it also provides a checkpoint on the progress made in security since the previous year.

About Pwn2Own 2020

In this new edition, Pwn2Own 2020, the competition was held virtually and the attacks were demonstrated online because of the problems caused by the spread of the coronavirus (Covid-19). This was the first time that the organizer, the Zero Day Initiative (ZDI), decided to arrange the event so that participants could demonstrate their exploits remotely.

During the competition, various working techniques were presented for exploiting previously unknown vulnerabilities in Ubuntu Desktop (Linux kernel), Windows, macOS, Safari, VirtualBox and Adobe Reader.

The total amount paid out reached two hundred and eighty dollars (the full prize pool was over US $4 million).

In summary, the results of the two days of Pwn2Own 2020, the contest held every year at the CanSecWest conference, are as follows:

    • During the first day of Pwn2Own 2020, a team from the Georgia Tech Systems Software & Security Lab (@SSLab_Gatech) hacked Safari together with a macOS kernel-level privilege escalation and launched the calculator with root privileges. The attack chain involved six vulnerabilities and earned the team $70,000.
    • During the event, Manfred Paul of "RedRocket" demonstrated local privilege escalation in Ubuntu Desktop by exploiting a vulnerability in the Linux kernel related to incorrect validation of input values. This won him a prize of $30.
    • A demonstration was also given of escaping the guest environment in VirtualBox and executing code with the rights of the hypervisor, by exploiting two vulnerabilities: the ability to read data from an area outside the allocated buffer, and an error when working with uninitialized variables. The prize for demonstrating this flaw was $40. Outside the competition, representatives of the Zero Day Initiative also demonstrated another VirtualBox trick, which allows access to the host system through manipulation in the guest environment.
    • Two demonstrations of local privilege escalation in Windows by exploiting vulnerabilities that lead to access to an already freed memory area; for these, two prizes of forty thousand dollars each were awarded.
    • Obtaining administrator access in Windows when a specially crafted PDF document is opened in Adobe Reader. The attack involves vulnerabilities in Acrobat and in the Windows kernel related to access to already freed memory areas ($50 prize).

The nominations that remained unclaimed were those for hacking Chrome, Firefox, Edge, Microsoft Hyper-V Client, Microsoft Office and Microsoft Windows RDP.

There was also an attempt to hack VMware Workstation, but the attempt was unsuccessful. As last year, hacks of most open source projects (nginx, OpenSSL, Apache httpd) did not make it into the prize categories.

Separately, we can look at the matter of hacking Tesla car information systems.

There were no attempts to hack Tesla in the competition, despite the top prize of seven hundred thousand dollars, but there was separate information about the discovery of a DoS vulnerability (CVE-2020-10558) in the Tesla Model 3, which allows a specially crafted page in the built-in browser to disable autopilot notifications and disrupt the operation of components such as the speedometer, navigator, air conditioning, navigation system, etc.

Source: https://www.thezdi.com/

