Hackers fear regulations ahead of Pwn2Own

Pwn2Own contest organisers have issued a warning saying that certain regulations could put foreign hackers exploiting vulnerabilities to risk, and urged them to seek legal advice before entering the contest.

The regulation in question is called the Wassenaar Arrangement, a 42-nation effort aimed at "promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies".

[embed]https://twitter.com/i0n1c/status/565931766868094976[/embed]

This basically means that even talking about infosec research abroad could land a hacker in trouble.

Pwn2Own is a contest in which hackers are asked to develop exploits and pop software in live demonstrations. After the demonstration, bigger vulnerabilities are bought by the organiser HP TippingPoint and given to the owners, so that they may patch themselves up.

The issues with the Arrangement were pointed out by the Chaos Computer Club (CCC), but some assurances were given that it was not created to hinder research, but to stop illegal activity.

Chaouki Bekrar, former co-founder of exploit brokers Vupen, and other industry bods reported the email alert over Twitter, the Register writes.

"Exploits are export controlled items and participants should work with their legal counsel on proper handling," the Zero Day Initiative email was reported as saying.

This year the event will be held at the CanSecWest security conference in Canada March 18 and 19.

The contest will reward hacks with $75,000 (£46,760) for flaws for 64 bit Google Chrome; $65,000 (£42,260) for 64 bit Microsoft Internet Explorer, and $60,000 (£39,000) for Adobe Reader or Flash running on that browser; $30,000 (£19,510) for Mozilla Firefox, and $50,000 (£32,510) for Apple's 64 bit Safari browser running on OS X Yosemite.