Beranda » Apps & Software » Microsoft pays hacker $100,000 for finding security holes

Microsoft pays hacker $100,000 for finding security holes

T Diposting oleh pada 10 October 2013
F Kategori
b Belum ada komentar
@ Dilihat 3589 kali

Microsoft is paying a well-known British hacking expert more than $100,000 for finding security holes in its software, one of the largest bounties awarded to date by a tech company.

The company also released a much anticipated update to Internet Explorer, which it said fixes a bug that made users of the browser vulnerable to remote attack.

James Forshaw, who heads vulnerability research at British consulting firm Context Information Security, won Microsoft’s first $US100,000 ($106,000) bounty for identifying a new “exploitation technique” in Windows, which will allow it to develop defences against an entire class of attacks, the company said.

Microsoft Office

Forshaw is among the many “white hat” hackers who hack for good and get rewarded for their efforts. Companies such as Apple and Facebook have hall of fame pages on their websites to recognise hackers, and some companies even pay them.

Forshaw, who is currently travelling to attend a security conference, earned another $US9400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Centre, said in a blog post.

“Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus of complex logic bugs,” Forshaw said.

“I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires.”

To find his winning entry, Forshaw studied the mitigations available today and after brainstorming identified a few potential angles.

“Not all were viable but after some persistence I was finally successful.”

He said receiving recognition for his entry was “exciting” to him and his employer.

“It also gives me the satisfaction that I am contributing to improving the security of both Microsoft’s and Context’s customers.”

Microsoft unveiled the reward programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the majority of the world’s PCs.

Forshaw has been credited with identifying several dozen software security bugs. He was awarded a large bounty from Hewlett-Packard for identifying a way to “pwn”, or take ownership of, Oracle’s Java software in a high-profile contest known as Pwn2Own (pronounced “pown to own”).

Microsoft also released an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month.

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that cyber security firm FireEye has dubbed DeputyDog.

Marc Maiffret, chief technology officer of the cyber security firm BeyondTrust, said the vulnerability was later more broadly used after Microsoft’s disclosure of the issue brought it to the attention of cybercriminals.

He is advising PC users to immediately install the update to Internet Explorer, if they do not have their PCs already set to automatically download updates.

“Any time they patch something that has already been used [to launch attacks] in the wild, then it is critical to apply the patch,” Maiffret said.

That vulnerability in Internet Explorer was known as a “zero-day” because Microsoft, the targeted software maker, had zero days notice to fix the hole when the initial attacks exploiting the bug were discovered.

In an active, underground market for “zero day” vulnerabilities, criminal groups and governments sometimes pay $US1 million or more to hackers who identify such bugs.

Microsoft’s reward is slightly more generous than that of Yahoo!, which recently offered a security researcher a $US25 voucher to the company’s online store for reporting three security flaws.

Yahoo later opened up a program, with rewards of up to $US15,000, after security researchers ridiculed the minuscule $US25 prize.

Correction: This article originally said Mr Forshaw was based in Melbourne and an Australian. The error came about due to information distributed by Context’s British public relations firm. Context Australia’s managing director said the information was “misleading” and confirmed Mr Forshaw was based in Britain.

Diposting oleh

Saat ini bekerja di Triboxmedia sebagai web developer dan graphic designer. Bizniz Theme adalah template wordpress company profile. Sangat cocok digunakan untuk membuat website perusahaan penyedia jasa online maupun offline.

Belum ada Komentar untuk Microsoft pays hacker $100,000 for finding security holes

Silahkan tulis komentar Anda

Your email address will not be published. Required fields are marked *

*

a Artikel Terkait Microsoft pays hacker $100,000 for finding security holes

iOS-7-Features-725x375

10 Cool Features Hiding in iOS 7

T 28 September 2013 F A Tri Yuli Kurniawan

Apple’s new iOS 7 is either the company’s most beautiful operating system yet or a hideous abomination (your choice!). Either way, there’s a lot more to iOS 7 than just a handful of new icons – there are a lot of... Selengkapnya

Evernote

Evernote Gets ‘Post-it Note Mode’ for Digitizing Those Square Sticky Things You Write On

T 28 September 2013 F A Tri Yuli Kurniawan

  Pens! Who needs ‘em? The last pen I used tried to kill me. Within a split-second of writing something, my hand — withered from decades of not writing — cramped up and sent shooting pains up my entire arm,... Selengkapnya

+ SIDEBAR

Ada Pertanyaan? Silahkan hubungi customer service kami untuk mendapatkan informasi lebih lengkap mengenai jasa/produk kami.

Tentang Bizniz Theme

Bizniz Theme adalah template wordpress company profile. Sangat cocok digunakan untuk membuat website perusahaan penyedia jasa online maupun offline. Dilengkapi dengan fitur-fitur menarik yang dapat dengan mudah Anda setting dari halaman pengaturan template yang telah disediakan. SEO friendly, fast loading, desain elegan dan mudah penggunaannya. Free update & Full Support!