James Forshaw picked up the prize after hacking into the
company's operating system in a way that could potentially compromise all
software running on Microsoft platforms.
The glitches found were so serious that Microsoft will not
reveal the specifics of the hack until all their software has been updated.
The company created cash bounties in June to incentivise experts
to uncover holes in their security before they can be exploited by fraudsters.
Mr Forshaw, head of vulnerability research at UK-based Context
Information Security, is the first person to win one of the $100,000 bounties.
The company he works for provides advice on hacking to the Ministry
of Defence and other public sector organisations as part of the Government's UK
Cyber Security Strategy.
Microsoft said they awarded such a large prize because Mr
Forshaw's submission would help them "develop defences against entire
classes of attack".
Mr Forshaw explained how he found the bug: "Over the past
decade working in secure development and research, I have discovered many
interesting security vulnerabilities with a heavy focus of complex logic bugs.
"I’m keenly interested in the intellectual puzzle of
finding novel exploitation techniques and the creativity it requires ... To
find my winning entry I studied the mitigations available today and after
brainstorming I identified a few potential angles. Not all were viable but
after some persistence I was finally successful."
Microsoft's bounty system reflects a wider monetisation of cyber
hacking which has developed as governments and businesses become more aware of
the issue.
A covert Chinese group known as Hidden Lynx is believed to have up to 100
skilled hackers who can be hired to carry out prolonged campaigns on behalf
of clients.
Software company Symantec has been tracking the group for the
last two years and found them to be behind six major online attacks against
governments, banks and other companies.
More than half of Hidden Lynx's targets are based in America,
according to the company, with organisations in Taiwan, Germany, Russia and
China itself also being attacked.