Microsoft pays out $100,000 to hacker who exposed Windows security flaws

 

Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.

James Forshaw, a well-known British hacking expert and head of vulnerability research at London-based consulting firm Context Information Security, was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11. His findings have allowed Microsoft to create defences against an entire class of attacks.

Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple, as well as social networking website Facebook, both recognise white hat hackers with hall of fame pages on their websites.

Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.

"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count," Forshaw told PCMag.com’s SecurityWatch.

He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."

Forshaw has also found several dozen software security bugs and was awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own.

Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeputyDog'.

Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to install the update to Internet Explorer immediately if they do not already have their PCs set to download updates automatically.

“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.

The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had zero days to fix the hole when it was discovered that attackers were exploiting the bug.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.

In order to have time to build defences, Microsoft is not yet revealing the exact nature of what Forshaw tackled.
