Microsoft breaks bug-bounty virginity in $100,000 contest

Microsoft is breaking its long-standing tradition of not paying for security vulnerabilities by offering a $100,000 cash prize for the first penetration tester to crack Windows 8.1 and a $50,000 bonus to explain how they did it. At this year's Black Hat USA conference – held at the end of July in the sweaty hell that is Las …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Ah I see you have a virus installed

    Security vulnerability detected: MS Operating System

    Recommend fix: Format C: then install Linux

    G ;-)

    1. M Gale

      Re: Ah I see you have a virus installed

      I like Linux.

      I also dislike Microsoft as much as anybody except perhaps Eadon.

      However kindly explain how I'm going to run the Adobe or Autodesk creative suites, or Microsoft Office, in a nice straightforward manner, in Linux?

      No, "use LibreOffice, The GIMP and Blender" is not an answer. Neither is the "will it, won't it" WINE.

      1. jocaferro

        Re: Ah I see you have a virus installed

        "However kindly explain how I'm going to run the Adobe or Autodesk creative suites, or Microsoft Office, in a nice straightforward manner, in Linux?"

        In a browser just as you do in other web apps!?

        Adobe Creative Cloud

        Autodesk 360

        Office 365

  2. AusMounty

    Modify the UEFI security to allow installation of concurrent OS's

    I am sorry but Microsoft are trying to divert the attention from a major FU, the UEFI debate.

    I have been a consultant for many years and although I can see the direction in which MS have been trying to take in improving security with Windows 8.x however at the request of the CEO have been instructed to lock out the potential of other OS's being installed. Typical underhanded methodologies merely to gain a monopoly on the market.

    I personally do not like the UI of Windows 8.x, it is clunky & it does not adhere to typical processes of the user. As with all revisions of the Windows lineage, there are always flaws & security holes present. This is by design of Redmond to allow for future exploits by MS to monitor and potentially gain access to the systems remotely.

    I fervently do not own a license of Windows 8.x because I am a true believer in the GPL modelling, admittedly I do on-sell licensed copies of Windows 7 because that is what the client requests for HOWEVER I do also suggest & promote the point of dual-boot systems to those people I recognize would benefit from also operating with any one of the POSIX based operating systems (Linux/BSD/Open Solaris) due to far superior security these environments provide.

    1. TeeCee

      Re: Modify the UEFI security to allow installation of concurrent OS's

      "This is by design of Redmond to allow for future exploits by MS to monitor and potentially gain access to the systems remotely."

      Er, citation needed? I doubt there is one, that looks like purest kneejerk tinfoil hattery to me. First thing it fails on is; "What would be in it for them?". The reputational damage, were that proven to be true, would far outweigh any possible benefit they might have gained from doing it and whatever faults they may have, I doubt that every single last one of their people being monumentally fucking stupid is one of them.

      1. Anonymous Coward

        Re: Modify the UEFI security to allow installation of concurrent OS's

        MS has a history of installing patches without the user's permission. Their update system decided to ignore the "download but don't install" setting and install patches without the user's permission (and then reboot). This effectively means that MS has the capability to monitor and gain access to your system any time it wants to.

        http://www.emailbattles.com/2006/02/08/vuln_aacfhddccc_de/

        1. Anonymous Coward

          Re: Modify the UEFI security to allow installation of concurrent OS's

          "A history of" is not equal to "one example from six years ago".

          1. Anonymous Coward

            Re: Modify the UEFI security to allow installation of concurrent OS's

            So how many examples are needed for it to be "A history of"? Would you include such things as labelling patches as critical security updates in order to trick users into installing monitoring software? They originally did that with "Windows Genuine Advantage" which sent details of your system, on a daily basis, back to Microsoft. They have also previously labelled new versions of IE as security updates as well as patches to DRM.

            Overall, MS has a habit of playing fast and loose with what it calls critical security patches.

    2. Matt_payne666

      Re: Modify the UEFI security to allow installation of concurrent OS's

      I think you're muddling UEFI with secure boot.... UEFI brings more preboot control to the BIOS; Apple has been using it for years...

      And I'm not against secure boot... Commodity PCs are cheap enough to live and die with the shipped OS and not having to find a Windows key from a smudged, faded sticker is a bonus... just poke a Win 8 disk in and it self-licences from the BIOS... Want to run an alternate OS? Just do it the same as before... need to use legacy PXE boot? Just disable UEFI...

  3. Anonymous Coward

    and Relax

    Breathe in, hold for 10, breathe out and relax...repeat as is necessary

  4. Anonymous Coward

    Microsoft cannot even get this right. It should have been $50,000 for the vulnerability and $100,000 to show how it was done.

    Now the real question; is that $100,000 vulnerability and can they be added together to increase the payout? Also, at the conference will they have a buzzer they hit to record who hacked it first?

  5. 0_Flybert_0

    "the" hacker ? .. they might need to hand out numbered tickets !

    I predict there will be at least 47 hackers waiting for the convention to open .. to claim that $150,000

    might be worse than Walmart on black friday

    1. Anonymous Coward

      Re: "the" hacker ? .. they might need to hand out numbered tickets !

      Not sure $150k is enough to get them firing up Windows 8 in the first place.

      Virtual machine maybe, short bursts....

  6. Ken Hagan

    $100,000 ... plus a laptop ?

    $100,000 probably covers all my "laptop" needs, thanks. No need to post a crappy Surface machine as well.
