Fri, 29 Mar 2024 Today's Paper

Microsoft awards hacking expert, repairs browser bug

By

9 October 2013 05:41 am - 0     - {{hitsCtrl.values.hits}}

A A A

Microsoft Corp said on Tuesday it is paying a well-known hacking expert more than $100,000 for finding security holes in its software, one of the largest such bounties awarded to date by a high-tech company.

The software maker also released a much anticipated update to Internet Explorer, which it said fixes a bug that made users of the world's most popular browser vulnerable to remote attack.

James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft's first $100,000 bounty for identifying a new "exploitation technique" in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday.

Forshaw earned another $9,400 for identifying security bugs in a preview release of Microsoft's Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog.

Microsoft unveiled the reward programs four months ago to bolster efforts to prevent sophisticated attackers from subverting new security technologies in its software, which runs on the vast majority of the world's personal computers.

Forshaw has been credited with identifying several dozen software security bugs. He was awarded a large bounty from Hewlett-Packard Co for identifying a way to "pwn," or take ownership of, Oracle Corp's Java software in a high-profile contest known as Pwn2Own (pronounced "pown to own").

Microsoft also released an automatic update to Internet Explorer on Tuesday afternoon to fix a security bug that it first disclosed last month.

Researchers say hackers initially exploited that flaw to launch attacks on companies in Asia in an operation that the cybersecurity firm FireEye has dubbed DeputyDog.

Marc Maiffret, chief technology officer of the cybersecurity firm BeyondTrust, said the vulnerability was later more broadly used after Microsoft's disclosure of the issue brought it to the attention of cyber criminals.

He is advising computer users to immediately install the update to Internet Explorer, if they do not have their PCs already set to automatically download updates.

"Any time they patch something that has already been used (to launch attacks) in the wild, then it is critical to apply the patch," Maiffret said.

That vulnerability in Internet Explorer was known as a "zero-day" because Microsoft, the targeted software maker, had zero days notice to fix the hole when the initial attacks exploiting the bug were discovered.

In an active, underground market for "zero day" vulnerabilities, criminal groups and governments sometimes pay $1 million or more to hackers who identify such bugs.

(Reporting by Jim Finkle; Editing by Richard Valdmanis and Richard Chang)

(Source : Reuters)

Order Gifts and Flowers to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Grocery, Kids Toys, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,Astrology, Courier/Delivery, Medicine Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka

  Comments - 0

Order Gifts and Flowers to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Grocery, Kids Toys, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,Astrology, Courier/Delivery, Medicine Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka

Add comment

Comments will be edited (grammar, spelling and slang) and authorized at the discretion of Daily Mirror online. The website also has the right not to publish selected comments.

Reply To:

Name - Reply Comment





Order Gifts and Flowers to Sri Lanka. See Kapruka's top selling online shopping categories such as Toys, Grocery, Kids Toys, Birthday Cakes, Fruits, Chocolates, Clothing and Electronics. Also see Kapruka's unique online services such as Money Remittence,Astrology, Courier/Delivery, Medicine Delivery and over 700 top brands. Also get products from Amazon & Ebay via Kapruka Gloabal Shop into Sri Lanka

VAT increase: SOUNDs death knell for publishers, readers

Though the Government imposed VAT (Value Added Tax) on vegetables and other e

How female change-makers are driving Sri Lanka’s energy saving platform

Saving energy has become more of a responsibility than a habit in today’s c

A dull Ramadan awaits Muslims amidst the Soaring Cost of Living

In the coming days, Muslims across the world will welcome the Holy Month of R

New wildlife underpass to curtail HEC

As of February 2024, Sri Lanka lost another 38 elephants as a result of the H

MIRROR CRICKET

More