Thursday, 10 October 2013

Microsoft pays a British hacker $100,000

James Forshaw picked up the prize after hacking into the company's operating system in a way that could potentially compromise all software running on Microsoft platforms.
The glitches found were so serious that Microsoft will not reveal the specifics of the hack until all their software has been updated.
The company created cash bounties in June to incentivise experts to uncover holes in their security before they can be exploited by fraudsters.
Mr Forshaw, head of vulnerability research at UK-based Context Information Security, is the first person to win one of the $100,000 bounties.
The company he works for provides advice on hacking to the Ministry of Defence and other public sector organisations as part of the Government's UK Cyber Security Strategy.

Microsoft said they awarded such a large prize because Mr Forshaw's submission would help them "develop defences against entire classes of attack".
Mr Forshaw explained how he found the bug: "Over the past decade working in secure development and research, I have discovered many interesting security vulnerabilities with a heavy focus of complex logic bugs.
"I’m keenly interested in the intellectual puzzle of finding novel exploitation techniques and the creativity it requires ... To find my winning entry I studied the mitigations available today and after brainstorming I identified a few potential angles. Not all were viable but after some persistence I was finally successful."
Microsoft's bounty system reflects a wider monetisation of cyber hacking which has developed as governments and businesses become more aware of the issue.
A covert Chinese group known as Hidden Lynx is believed to have up to 100 skilled hackers who can be hired to carry out prolonged campaigns on behalf of clients.
Software company Symantec has been tracking the group for the last two years and found them to be behind six major online attacks against governments, banks and other companies.
More than half of Hidden Lynx's targets are based in America according to the company, with organisations in Taiwan, Germany, Russia and China itself also being attacked.
