Wadanda suka shirya Zero Day Initiative (ZDI) ya sanar da taron Pwn2Own 2019wanda Ana gayyatar masu shiga don nuna dabarun aiki don amfani da raunin da ba a sani ba a baya.
Aukuwa zai faru a ranar 20 zuwa 22 ga Maris a taron CanSecWest a Vancouver. Girman kudin kyautar ya fi dala miliyan biyu da rabi.
Pwn2Own gasa ce ta masu kutse a komputa wanda ake gudanarwa kowace shekara a taron tsaro na CanSecWest, farawa a 2007.
Ana kalubalanci masu halartar suyi amfani da software da na'urori masu amfani da wayar hannu tare da raunin rashin sanin har zuwa yanzu.
Wadanda suka lashe gasar sun karbi na'urar da suka fashe, kyautar kudi da jaket "Masters" na murnar shekarar da suka yi nasara.
Sunan "Pwn2Own" ya samo asali ne daga gaskiyar cewa mahalarta dole ne su "pwn" ko kuma su shiga na'urar ta hanyar "mallaka" ko kuma su ci ta.
Gasar Pwn2Own tana aiki ne don nuna raunin na'urorin da aka saba amfani dasu da kuma software sannan kuma yana ba da abin duba kan ci gaban da aka samu a cikin tsaro tun shekarar da ta gabata.
Game da Pwn2Own 2019
A wannan shekarar hacking din kernel na Linux da kuma mafi yawan ayyukan budewa (nginx, OpenSSL, Apache httpd) an cire su daga gabatarwar lambar yabo.
A cikin 'yan shekarun nan, an iyakance kutse cikin zanga-zangar nuna rashin kwayar cutar ta Linux dangane da raunin ranar Zero a shekarar 2017 wanda ke bawa mai amfani na gari damar daukaka damar su akan tsarin.
Hakanan, rarraba Linux "Ubuntu" an cire shi daga yawan yanayin hacking. Na ayyukan buɗewa, masu bincike kawai (Firefox, Chrome) da VirtualBox sun kasance a cikin nade-naden, amma fa'idar da ake samu a gare su dole ne a nuna ta cikin muhallin Windows.
A lokaci guda, an kara sabon rukuni na lambar yabo ga Tesla Model 3 tsarin hacking din motoci zuwa gasar ta gaba, jimlar adadin kyaututtukan kyaututtuka sun zarce $ 900 dubu.
Nade-naden da ke da alaƙa da Tesla sun haɗa da samun iko akan CAN Bus, barin malware suna aiki bayan sake yi, suna aiwatar da hare-hare a kan modem, mai gyara, Wi-Fi, Bluetooth, tsarin haɓaka, autopilot, da amfani da wayar.
Babban kyauta shine $ 250 a girma, an bayar da shi don aiwatar da lambar sarrafawa a cikin yanayin ƙananan hanyoyin Gateway (haɗi duk tsarin bayanin abin hawa), Autopilot ko VCSEC (tsarin kare lafiya).
Don fara gazawar autopilot, ana ba da kyautar $ 50, don buɗe makullai, kunna injin ba tare da maɓalli ba, da kuma samun iko akan motar CAN - 100, don samun damar shiga tushen tsarin infotainment $ 85.
Game da lada
Nade-naden da ke da alaƙa da fasahar sabar an iyakance su ne da kyautar kutsen da aka yiwa Microsoft Windows RDP (kyautar $ 150).
da An bayar da lada don yin amfani da rauni a aikace-aikacen masu amfani Adobe Reader (dubu 40), Microsoft Office 365 Pro Plus (Dubu 60) da Microsoft Outlook (dubu 100).
Ana neman gabatarwar harin masu bincike don Google Chrome (80), Microsoft Edge (50, 60, da 80), Apple Safari (55 da 65) da kuma Mozilla Firefox (40 da 50).
Daga cikin tsarin kirkirar kirki da ke shiga gasar, VirtualBox (35), VMware Workstation (70), VMware ESXi (150) da Microsoft Hyper-V Client (250).
An bayar da shi daban don gabatarwa don haɓaka gata ta hanyar amfani da rauni a cikin kwayar Windows (dubu 30).
Daga qarshe, babu Pwn2Own da zai cika ba tare da ya nada Jagora na Pwn ba. Tunda an yanke hukuncin yin gasar ne ta hanyar zane bazuwar, mahalarta wadanda zasu iya gabatar da bincike mai girma amma sune na karshe da zasu gabatar zasu sami karancin kudi yayin da zagaye na gaba suka rasa daraja.
Koyaya, maki da aka bayar don kowace nasarar shigarwa baya sauka. Wani zai iya samun mummunan zane kuma har yanzu ya tara ƙarin maki.
Mutum ko ƙungiyar da ke da mafi yawan maki a ƙarshen hamayya za a nada Master of Pwn, karɓi maki 65,000 ZDI
Maraba da wannan sabon aikace-aikacen. Zamu kasance tare da wannan sabon kayan aikin.
Kyautar dala dubu dari da hamsin ta hacking din windows tana da gamsuwa guda biyu wacce bata da kwatancen !!!