Microsoft pays out $100,000 to hacker who exposed Windows security flaws

 

Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.

Well-known British hacking expert, and head of vulnerability research at London-based consulting firm Context Information Security, James Forshaw was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11.  His findings have allowed Microsoft to create defences against an entire class of attacks.

Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple, as well as social networking website Facebook both recognise white hat hackers with hall of fame pages on their websites.

Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.

"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count." Forshaw told PCMag.com’s SecruityWatch.

He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."

Forshaw was also found several dozen software security bugs and awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known was Pwn2Own.

Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeuptyDog'.

Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to immediately install the update to Internet Explorer, if they do not already have their PCs already set to automatically download updates.

“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.

The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had that many days to fix the hole when it was discovered attackers were exploiting the bug.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.

In order to have time to build defences, Microsoft are not yet revealing the exact nature of what Forshaw tackled. 

Life and Style
ebookNow available in paperback
ebooks
ebookA delicious collection of 50 meaty main courses
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: 3rd Line Virtualisation, Windows & Server Engineer

    £40000 - £47000 per annum: Recruitment Genius: A 3rd Line Virtualisation / Sto...

    Recruitment Genius: Partner Manager - EMEA

    £50000 - £100000 per annum: Recruitment Genius: A Partner Manager is required ...

    Recruitment Genius: Regional Sales Manager - OTE £100,000

    £45000 - £100000 per annum: Recruitment Genius: A Regional Sales Manager is re...

    Recruitment Genius: IT Support Engineer

    £18000 - £22000 per annum: Recruitment Genius: The company provides IT support...

    Day In a Page

    Syria civil war: Meet the military commander who says his soldiers will not rest until every inch of their war torn country is free of Islamist 'terrorists'

    ‘We won’t stop until Syria is back to normal’

    Near the front lines with Islamist-controlled towns where Assad’s troops were besieged just last month, Robert Fisk meets a commander confidently preparing his soldiers for battle
    The inside story of how Bill Clinton built a $2bn global foundation may undermine Hillary's chances

    The inside story of how Bill Clinton built a $2bn global foundation...

    ... and how it may undermine Hillary's chances in 2016
    12 best olive oils

    Extra-virgin, cold-press, early-harvest, ultra-premium: 12 best olive oils

    Choosing an olive oil is a surprising minefield. Save yourself the hassle with our handy guide
    Sepp Blatter resignation: The beginning of Fifa's long road to reform?

    Does Blatter's departure mean Fifa will automatically clean up its act?

    Don't bet on it, says Tom Peck
    Charles Kennedy: The baby of the House who grew into a Lib Dem giant

    The baby of the House who grew into a Lib Dem giant

    Charles Kennedy was consistently a man of the centre-left, dedicated to social justice, but was also a champion of liberty and an opponent of the nanny-state, says Baroness Williams
    Syria civil war: The harrowing testament of a five-year-old victim of this endless conflict

    The harrowing testament of a five-year-old victim of Syria's endless civil war

    Sahar Qanbar lost her mother and brother as civilians and government soldiers fought side by side after being surrounded by brutal Islamist fighters. Robert Fisk visited her
    The future of songwriting: How streaming is changing everything we know about making music

    The future of songwriting

    How streaming is changing everything we know about making music
    William Shemin and Henry Johnson: Jewish and black soldiers receive World War I Medal of Honor amid claims of discrimination

    Recognition at long last

    Jewish and black soldiers who fought in WWI finally receive medals after claims of discrimination
    Beating obesity: The new pacemaker which helps over-eaters

    Beating obesity

    The new pacemaker which helps over-eaters
    9 best women's festival waterproofs

    Ready for rain: 9 best women's festival waterproofs

    These are the macs to keep your denim dry and your hair frizz-free(ish)
    Cycling World Hour Record: Nervous Sir Bradley Wiggins ready for pain as he prepares to go distance

    Wiggins worried

    Nervous Sir Bradley ready for pain as he prepares to attempt cycling's World Hour Record
    Liverpool close in on Milner signing

    Liverpool close in on Milner signing

    Reds baulk at Christian Benteke £32.5m release clause
    On your feet! Spending at least two hours a day standing reduces the risk of heart attacks, cancer and diabetes, according to new research

    On your feet!

    Spending half the day standing 'reduces risk of heart attacks and cancer'
    With scores of surgeries closing, what hope is there for the David Cameron's promise of 5,000 more GPs and a 24/7 NHS?

    The big NHS question

    Why are there so few new GPs when so many want to study medicine?
    Big knickers are back: Thongs ain't what they used to be

    Thongs ain't what they used to be

    Big knickers are back