Microsoft is serious about security, and they're paying to prove it.
The company just gave one hacker a $100,000 payday for finding a vulnerability in Windows 8.1. It's part of Microsoft's payment program for hackers: if they're able to crack Microsoft's security and reveal how they did it, Microsoft will fix the problem and pay them. Other companies, such as Facebook and Yahoo, have been taking on similar programs as well. (Though Yahoo came under fire recently for giving its hackers t-shirts instead of cash.) The hacker, James Forshaw, is the head of vulnerability research at a security-consulting firm in London. Microsoft isn't giving out details about what Forshaw was able to find, but it was probably something pretty substantial. As of now, the company is calling it a “mitigation bypass technique.”
So why the big payout? “The reason we pay so much more for a new attack technique versus for an individual bug is that learning about new mitigation bypass techniques helps us develop defenses against entire classes of attack,” says Katie Moussouris, Microsoft's senior security strategist. “This knowledge helps us make individual vulnerabilities less useful when attackers try to use them against customers. When we strengthen the platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications.”
So far, Microsoft has given out $128,000 in its program, and Forshaw has claimed $109,400 of that.
[via Venture Beat]