Microsoft pays out $100,000 to hacker who exposed Windows security flaws

 

Software giant Microsoft has revealed it is paying a hacker over $100,000 (£62,760) to find security holes in its products.

Well-known British hacking expert, and head of vulnerability research at London-based consulting firm Context Information Security, James Forshaw was awarded one of Microsoft’s biggest bounties after he identified a new “exploitation technique” in Windows operating systems. According to a blog post written by Katie Moussouris, senior security strategist at Microsoft Security Response Centre, he received another $9,400 for identifying security glitches in a preview release of Internet Explorer 11. His findings have allowed Microsoft to create defences against an entire class of attacks.

Forshaw is a white hat: someone who hacks to help firms in return for a reward. Microsoft’s rival consumer computing brand Apple and social networking website Facebook both recognise white hat hackers with hall of fame pages on their websites.

Microsoft revealed its reward programme in June to bolster efforts to prevent highly skilled cyber attackers from undermining technologies in its software, which runs on the vast majority of personal computers across the globe.

"Microsoft's Mitigation Bypass Bounty is very important to help shift the focus of bounty programs from offence to defence. It incentivises researchers like me to commit time and effort to security in depth rather than just striving for the total vulnerability count," Forshaw told PCMag.com’s SecurityWatch.

He continued: "To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."

Forshaw also found several dozen software security bugs and was awarded a large prize from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle Corp’s Java software in a high-profile contest known as Pwn2Own.

Microsoft also released an automatic update to Internet Explorer on Tuesday 8 October 2013 to fix a security bug that it first disclosed earlier in the month. Researchers say hackers initially exploited the flaw to launch attacks on computers in Asia in an operation that the cyber security group FireEye dubbed 'DeputyDog'.

Marc Maiffret, chief technology officer of the cyber security organisation BeyondTrust, said the vulnerability was later more broadly used after Microsoft had brought the issue to the attention of cyber criminals. He advises Windows users to immediately install the update to Internet Explorer if they do not already have their PCs set to automatically download updates.

“Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch,” Maiffret said.

The vulnerability in Internet Explorer was known as a “zero-day” because Microsoft had zero days to fix the hole when it was discovered that attackers were exploiting the bug.

In an active, underground market for “zero-day” vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers to tackle bugs.

In order to have time to build defences, Microsoft is not yet revealing the exact nature of what Forshaw tackled.
