Microsoft pays out $100,000 to hacker who exposed Windows security flaws - News - Gadgets and Tech - The Independent


Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.

James Forshaw, a well-known British hacking expert and head of vulnerability research at London-based consulting firm Context Information Security, was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at the Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11. His findings have allowed Microsoft to create defences against an entire class of attacks.

Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple and social networking website Facebook both recognise white hat hackers with hall of fame pages on their websites.

Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.

"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count," Forshaw told PCMag.com’s SecurityWatch.

He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."

Forshaw has also found several dozen software security bugs and was awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own.

Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeputyDog'.

Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to install the update to Internet Explorer immediately if they do not already have their PCs set to download updates automatically.

“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.

The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had that many days to fix the hole when it was discovered attackers were exploiting the bug.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.

In order to have time to build defences, Microsoft are not yet revealing the exact nature of what Forshaw tackled. 
