
Google pledges $2 million in prizes to hackers who exploit Chrome - evo_9
http://arstechnica.com/security/2012/08/google-pledges-million-in-hacking-prizes/
======
DanielRibeiro
Limiting Daniel J. Bernstein to _the creator of djbdns_ is quite an
understatement. He is a very important cryptographer, to say the least[1].

Especially for a man who has been eulogized[2,3] as _the greatest programmer in
the history of the world._

HN has in the past done a good job telling his great story[4].

[1] <http://en.wikipedia.org/wiki/Daniel_J._Bernstein>

[2] <http://www.aaronsw.com/weblog/djb>

[3] <http://news.ycombinator.com/item?id=890034>

[4] <http://www.hnsearch.com/search#request/all&q=Bernstein+&sortby=points+desc>

~~~
casca
So true, djb is a legend in the field. To give an example, he wrote qmail as a
replacement for sendmail and the last stable release was in 1998. There have
been no identified security vulnerabilities in that time. If you want to learn
how to program securely, read "Some thoughts on security after ten years of
qmail 1.0" - <http://cr.yp.to/qmail/qmailsec-20071101.pdf>

------
casca
Link to the actual announcement:
<http://blog.chromium.org/2012/08/announcing-pwnium-2.html>

If I had a "Full Chrome exploit: Chrome / Win7 local OS user account
persistence using only bugs in Chrome itself", I could sell it for far more
than the $60k on offer. Why not offer $1m?

~~~
mda
Nowadays this sort of exploit in Chrome uses a chain of several bugs
(remember, Flash now runs in a strong sandbox as well); I would say it is
probable that your exploit would be obsolete before you find a real buyer in
the market. So I would argue that taking the money on the table immediately
would be the right thing to do. Also, added bonus karma of not dealing with
shady organizations, compromising innocent people's computers, etc.

