Charlie Miller Looses Interest in CanSecWest Pwn2Own Contest, Stays Home
For the first time in years, Charlie Miller will not be attending CanSecWest, where he holds a record-breaking hat trick winning streak in the Pwn2Own vulnerability contest. Charlie Miller told CyberJungle Radio tonight that he is staying away due in part, to the winner-take-all, entrants picked at random, nature of the rules.
The Pwn2Own contest is a high-profile event that highlights the solitary work of security researchers that stare in front of code looking for vulnerabilities, or run fuzzing programs that try to find combinations of characters that spring open a previously-unpublished pathway further into a system. Successful contestants can win tens of thousands at Pwn2Own, and significant notoriety.
According to the contest rules, the first contest entrant to successfully breach IE, Firefox, Safari, Chrome browser, or a Google Android, Blackberry, or Windows 7 Phone wins $15,000 ($20,000 if Chrome is breaches). But there is the rub. The contestants don’t start at the same time. Each contestants are randomly chosen to determine their order in demonstrating their attack. Only the first contestant to breach one browser, and the first contestant to breach one phone wins one of the two cash prizes.
In previous years, there were just a handful of contestants, so the odds were pretty good for a skilled security researcher to get a crack at either a browser or phone platform. But with the success and popularity of the contest, a much larger number of contestant entered this year. So many entrants have entered this year, that Charlie Miller feels that luck will play a greater roll than skill, and others will win the contest before he can even get his hands on a keyboard. If by chance the entrants before Miller fail to breach a browser and a phone, Charlie told CyberJungle radio that a proxy contestant at the event will follow Miller’s instructions using successful attacks Miller has created.
CyberJungle Radio also spoke with CanSecWest spokesperson, Dragos. Dragos said that Charlie Miller’s complaints may have some validity. According to Dragos, it is probably too late to change the rules this year, but the rules may be changed next year due to the complaints highlighted by Mr. Miller.
We’ll have more on this story in the next episode of CyberJungle Radio.