Microsoft pays out $100,000 to hacker who exposed Windows security flaws


Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.

Well-known British hacking expert, and head of vulnerability research at London-based consulting firm Context Information Security, James Forshaw was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11. His findings have allowed Microsoft to create defences against an entire class of attacks.

Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple, as well as social networking website Facebook, both recognise white hat hackers with hall of fame pages on their websites.

Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.

"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count," Forshaw told PCMag.com’s SecurityWatch.

He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."

Forshaw has also found several dozen software security bugs and was awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own.

Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeputyDog'.

Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to install the update to Internet Explorer immediately if they do not already have their PCs set to download updates automatically.

“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.

The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had had zero days to fix the hole when it was discovered that attackers were exploiting the bug.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.

In order to have time to build defences, Microsoft are not yet revealing the exact nature of what Forshaw tackled.
