Security

Microsoft offers hefty bounties to thwart hackers

20:18 Tuesday Jun 25, 2013

            

Microsoft is looking to recruit computer geeks in its ongoing efforts to protect Windows PCs from attacks

Microsoft Corp is looking to recruit computer geeks in its ongoing efforts to protect Windows PCs from attacks, offering rewards of as much as $150,000 to anybody who helps identify and fix major security holes in its software.

Microsoft unveiled the rewards program, one of the most generous in the high-tech industry to date, on Wednesday as it sought ways to prevent sophisticated attackers from subverting new security technologies it has introduced in the latest versions of the Windows operating system.

The program is open to computer experts as young as 14, though minors need permission from their parents. Residents of countries under U.S. sanctions, such as Cuba, Iran, North Korea, Sudan and Syria, are banned from the program.

The sheer size of the bonus is likely to grab the attention of the hacking community, though claiming the big money will require them to do battle with Microsoft’s latest anti-hacking technology and then detail their approach.

“It’s pretty generous, though what they are asking for is a pretty high bar,” said Chris Wysopal, chief technology officer of Veracode, a security firm that helps identify software bugs.

Microsoft has plenty of competition in getting elite hackers to turn their attention on its aging Windows franchise, which operates the vast majority of the world’s personal computers.

Windows computers have been involved in most major attacks to date, including the recent Citadel cyber crime ring that stole more than $500 million from banks and the Stuxnet virus that attacked Iran’s nuclear program in 2010 by exploiting previously unknown bugs in Microsoft software.

COMPETING FOR TALENT

The best hackers are heavily recruited by the military, intelligence agencies and big corporations, who lure them with scholarships and high-paying jobs.

Microsoft is also competing for the attention of the top hacking talent on a growing global gray market, where information about vulnerabilities is sold to criminals as well as governments that use it in military and intelligence operations. Bounties start at $50,000 for tools that enable attackers to break into computers, even when they are protected by up-to-date security software.

In the industry, exploits of such vulnerabilities are called “zero-days,” because a targeted software maker has had zero days’ notice to fix the hole when the malicious software is eventually discovered.

Mike Reavey, senior director with the Microsoft Security Response Center, declined in an interview to talk about the “zero day” market for vulnerabilities in Windows products, saying the company was seeking to encourage hackers to use their skills in helpful ways.

“It’s difficult to comment on the dark side,” he said. “The intention of these (bounty) programs is to incentivize good behavior.”

Reavey said he hoped Microsoft’s new program would woo some candidates away from an annual contest known as Pwn2Own (pronounced “pown to own”), which has become a key venue for elite hackers to disclose major security flaws in software.

The latest Pwn2Own, which was held in Vancouver in March and sponsored by Hewlett-Packard Co, paid out nearly $480,000 in prize money, according to HP’s website.

Hackers won the competition by identifying new ways to “pwn,” or take ownership of, browsers from Microsoft, Firefox and Google Inc, Oracle Corp‘s Java and Adobe System Inc‘s Flash and Reader software.

Some other big technology firms already offer similar programs. Google has handed out $1.7 million in 3 years, including prizes as big as $60,000. Facebook Inc said it has paid out $500,000 to $1 million since it began its program two years ago. Adobe does not offer bounties, though it brings in hackers as temporary consultants to help fix problems that they identify.

Microsoft is also running a one-month contest, starting July 26, offering bounties of up to $11,000 to hackers who find bugs in the trial version of its new Internet Explorer 11 browser, which will be in preview release.

Source: mybroadband.co.za

 

< Back

    Add your comment

    We aim to have healthy debate. But we won't publish comments that abuse others

    1200 characters left

     

     

    LATEST NEWS

     
      

    © copyright 2013 Website News. All rights reserved.

     

    SECTIONS

    ABOUT

    SUBSCRIBE

     

    Website News is for and about the website design, development, marketing industry. We will endeavor to bring you up-to-date news and information to help you in your work as well as give you useful information and tips for your clients and their businesses.

    We are always keen for you to submit any information you find from elsewhere, or about your business, that you feel will be relevant.

     

     

     

     

    Contact Us:

    For advertising enquiries or to submit a story, please email us at: editor@websitenews.co

     

    Login

    Website News

    Sign-up to Website News and create your universal Woogloo ID

    Your details

    Your login details

    Your address


    Is your address not being found?

    Company

    Company address

    Yes No


    To register on the Website News website you either need to use your
    exisitng Woogloo ID or create a new one (see below).

    Sign Up

    Why sign up?

    • Get access to Registered User's priviledges, which may include hidden pages, special features and special pricing, if they exist, on this website.
    • Get access to all sites powered by Woogloo V3 without having to enter your details everytime.

    Login Error

    Forgot your password?

    Enter your email address below and click 'Reset Password' Button




    What is a Woogloo ID

    Logging in...