Microsoft pays out $100,000 to hacker who exposed Windows security flaws
Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.
James Forshaw, a well-known British hacking expert and head of vulnerability research at London-based consulting firm Context Information Security, was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11. His findings have allowed Microsoft to create defences against an entire class of attacks.
Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple and social networking website Facebook both recognise white hat hackers with hall of fame pages on their websites.
Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.
"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count," Forshaw told PCMag.com’s SecurityWatch.
He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."
Forshaw has also found several dozen software security bugs and was awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own.
Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeputyDog'.
Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to install the update to Internet Explorer immediately if they do not already have their PCs set to download updates automatically.
“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.
The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had that many days to fix the hole when it was discovered that attackers were exploiting the bug.
In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.
In order to have time to build defences, Microsoft are not yet revealing the exact nature of what Forshaw tackled.