Взялись за кого-то конкретного...

Sep 15, 2017 02:48

Sep. 13, 2017 - ZERODIUM, the premium zero-day acquisition platform, announces and hosts a Tor Browser Zero-Day Bounty. ZERODIUM will pay a total of one million U.S. dollars ($1,000,000) in rewards to acquire zero-day exploits for Tor Browser on Tails Linux and Windows. The bounty is open until November 30th, 2017 at 6:00pm EDT, and may be terminated prior to its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).

With the increased number (and effectiveness) of exploit mitigations on modern systems, exploiting browser vulnerabilities is becoming harder every day, but still, motivated researchers are always able to develop new browser exploits despite the complexity of the task, thanks to their skills and a bit of scripting languages such as JavaScript. Today, ZERODIUM sets the bar even higher with a new technical challenge: develop a fully functional zero-day exploit for Tor Browser with JavaScript BLOCKED! Exploits for Tor Browser with JavaScript allowed are also accepted/eligible but have lower payouts (see below).


Q: Why are you launching this special bounty for Tor Browser?

A: While Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse. We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.

Полагаю, что речь не только о crime...

Кстати, задача по Tor по сравнению с остальными задачами значительно проще, т.к. там используется Firefox (абсолютно беззащитный в сравнении с остальными браузерами), да еще и ESR edition. Думаю, exploit-maker'ам такое предложение будет по душе. Т.е. это не сравнить с эксплоитами для Chrome.

Общая информация по ценам и направлениям интересов:
(до $500K за Signal, Telegram и др. мессенджеры -- думаю, в ту же степь; выше только iOS)

tor, мессенджеры, exploits, nsa, signal, telegram

Previous post Next post