$5,000 of bounties are offered in Metasploit exploit race

BOUNTIES ARE UP FOR GRABS by computer users who can submit valid exploits in thirty different areas, with a total cash payout of $5,000 on offer.

The competition is being held by the team behind Metasploit, an open source software framework used to test how secure a system is against cyber attacks, and which with the recent increase in hacking cases around the world will undoubtedly become a popular tool.

There are five prizes of $500 and 25 prizes of $100 on offer. Entrants must pick an unclaimed vulernability and develop a valid exploit for it, which they must then email to the Metasploit team. Only one claim per user is permitted.

In the top slot, would-be exploiters are tasked with finding holes in the pre-11.0.696.71 build of Google Chrome that fails to properly handle blobs' execution of arbitrary code.

The remaining four of the big prizes involve Lotus Notes, IBM Trivoli Directory Server, a vulnerability in DNS Resolution for remote code execution, and a vulnerability in GDI+ for the same. All four of these have been claimed, but the bounty for Google Chrome is up for the taking.

The remaining 25 possible exploits range from IBM server vulnerabilities and a Microsoft Windows memory corruption error to Mozilla Firefox and Apple Safari vulernabilities, while there's also still another Google Chrome vulnerability on offer. Twelve of the 25 have been exploited so far, leaving $1,300 left to claim.

It's interesting that Chrome tops the list and that the attacks on it so far have been largely unsuccessful. Google has prided itself on the security of its web browser, offering a $3,133 bounty against successful exploits and for having escaped the Pwn2own exploit contest unscathed.

An exploit was later found by Vupen, but not in time to claim the prize. With the Metasploit contest running until July 20, it remains to be seen if either of the two Chrome bounties will be taken. µ