Bug Bounty

Hacking MS Team

July 30, 2015 Leave a comment

0705_imela_3

What is your very fist impression, when you hear a name for a group – the Hacking Team? Probably, not such a positive one. Right? Who is to blame us, for our cyber prejudices? However, in this particular case, the busy little bees in the Hacking Team helped both Microsoft and us, a lot.

The Hacking Team has identified a security bug associated with the specific font’s driver. On the other side, grandpa Microsoft has delivered a security update, silently and efficiently. This is how it is supposed to be done. I tell you that something is wrong or broken. You fix it.

The end of potentially dangerous cyber story. As simple and as complicated as that. We have to say that we area dying to hear, what grandpa Microsoft sent to the Hacking Team as a sign of its gratitude. This is something we would like to hear and share with you.

It seems that every time your hear words, such as hacking or a hacker, this does not necessarily mean that something bad is going to happen. Just ask grandpa Microsoft, we are quite sure, it has so much to tell you about it. Good job, Hacking Team!

Million Miles Away From Hacker’s Home

July 24, 2015 Leave a comment

wpid-wp-1413765967231.jpeg

When there is a will, there has to be a way of improving our extremely compromised cyber security. Even if you do not have or do not want to pay money for cyber security services, you can always compensate. Just ask United Airlines, because they certainly have a lot to tell you all about it.

For what is worth, the busy little bees in the United Airlines have launched a genuine bug bounty program. So, what is so special about it? Well, if you knock them off their feet, your reward is not going to be a financial one. Surprised?

How about a one million miles of free flights reward, for a change? The United Airlines has decided that it is worth of every mile. What for? Well, thanks to the cyber bug bounty hunters, their website is bulletproof, when it comes to potential hacker’s attacks.

That is not all. One of the biggest worries for every airline company is a serious threat of a cyber hijack of a plane. In this worst case scenario, no price is too high to pay for a proper safety measure. Our hats off to this brilliant move. We should follow United Airlines’ example.

300 MSpartans

July 7, 2015 Leave a comment

image

Grandpa Microsoft is in the Windows 10 mood. There are no exaggerations, when it comes to Windows 10 promotion. Yet, we are not particularly impressed with this Star-Wars-laser-logo-wallpaper-thing-whatever. There is something else that has caught our attention.

Did you know that Grandpa Microsoft was able to fix 300 bugs with its second  Windows 10 Insider Preview build? Two days and 300 bugs. How about that for a change? So, when there is a will, all of a sudden jumps a way. This is something we should remember. No more excuses, that is for sure.

Would not that be a sight to see this unparalleled bugs-fix-efficiency on a daily basis? What do we need to do? Is the only way to pump out with a new OS, in order to fix all the bugs? This is unbelievable. It feels almost like an election year. Grandpa Microsoft is willing to do anything and everything.

If you can fix 300 bugs in 2 days, then imagine what you can do in 2 months or 2 years. You can literally fix all the bugs in the world, and the entire cyber history. This is a bad news definitely. So, it is entirely up to us. But, we do not want to do it. Until the next Windows, be safe.

Android Security Rewards Program

July 1, 2015 Leave a comment

image

If you are looking for a legitimate way to earn some money while you live up to your hacker’s fantasies, Google presents you with the Android Security Rewards Program. This is such a lovely reminder of those good old days, when we had quite a few bugs bounty reward programs.

With this one you can earn from $2,000 up to $40,000 for a single bug hunt. The minimal amount in this bug bounty stories is reserved for the newest Nexus models. On the other hand, if you want to earn some serious money, then you have to do some serious work. Here is an example.

The five figure amounts are reserved for the guys, who can find a bug in the Android system itself. In addition, there is a nice way to double your reward. If you can find a bug, and a solution for it, as well, then you got yourself a rocking win-win. It seems that Google has figured it all out, isn’t it?

When it comes to bug bounty programs, there is no such thing as a wasted money. Every single dollar you invest for these purposes pays back two, three or more times. It is definitely better to reward people, than to compensate them once a certain cyber problem occurs. Right?

Open Your Door Grandpa Microsoft

May 9, 2015 Leave a comment

image

Why would grandpa Microsoft do such a thing? What kind of a door we are referring to? Well, we are eager to witness a moment when Windows will be treated as an open source code. Why? Well, this is supposed to improve its cyber security. Something is obviously wrong with this picture.

It is a bold and ear-catching claim to ask for an open source code Windows, but how grandpa Microsoft feels about it? If it is going to be free to access and alter, does it also mean that you can get it for free, as well? On the other hand, the strongest argument for an open source is improved security. How?

Allegedly, the new open source structure can help you to access Windows more easily in search for bugs and vulnerabilities. So, who is stopping you to do it right now? What about all previous successful bug bounty hunters? They did not ask for a permission, did they?

This is definitely a wrong turn for our troubled thoughts. Let grandpa Microsoft does its job the best it can. We do not need an open door, at all. If you want to improve Windows security and eliminate potential vulnerabilities, go on and earn some fair money. Grandpa Microsoft can be generous.

Hit The Spartan For $15K

April 29, 2015 Leave a comment

image

Here is a new bug bounty in our cyber-town. Someone may say that our dear old grandpa Microsoft is desperate, but to us it looks as a thoughtful move. If you can find a vulnerability in the new IE called Spartan, the grandpa Microsoft will reward your cyber bug bounty with the $15,000 cash.

The new browser Spartan is supposed to be a crown jewel of the latest and brightest Windows 10. Therefore, Microsoft just cannot afford itself a luxury of going through an embarrassing and troubling security problem associated with the Spartan itself. Is this amount enough for the trouble?

Well, for what is worth, these are tough times for the professional cyber-bug-bounty-hunters. If you avoid a common trap of not being paid at all, in the first place, the best case scenario ends up with the $5,000. On the other side, this is the cheapest and the most efficient solution for Microsoft.

It is better to pay before a security failure escalates, than to heal it afterwards. Because, it is going to be much cheaper and significantly less painful for both Microsoft and its users. Our hats off to Microsoft for this bug bounty decision, which comes right on time. Bug hunters get to work. Right now.

Forshaw’s Patch

January 8, 2015 Leave a comment

image

There is a busy little cyber bee, who works in Google. One day, we are not quite sure if he was curious or bored, this bee has discovered a serious security flaw in Windows 8.1. This guy works and publish under a nickname Forshaw. So, are you eager to know what went wrong with Windows 8.1?

Apparently, there is a way for you to gain administrator’s privileges, and all of that completely undetected. What can you do with them? Well, it comes without saying that in this case sky is the limit. Literally. Forshaw has done both necessary things in this unfortunate and embarrassing situation.

On the side, he has informed Microsoft directly about his findings. On the other side, he has published his conclusions supported with the proper evidence. So far, Microsoft has been silent on this one. Nevertheless, it is only a matter of time before the new patch hits our cyber shores with a solution.

For what is worth, Microsoft itself has some other troubles on its mind. What is going to happen with the new Windows 10 and how successful it is going to be? This is undoubtedly the mother of all questions for Microsoft at this moment. We sure hope that this bug will not wish to move to the new OS version.

Pwn2Own IE11

November 20, 2014 Leave a comment

image

There are no true winners in hackers contests or bug bounty rewarding programs. Someone will take the sweet prize, while we will end up in tears. Why? Because we will become more aware about the fragile and insecure character of our system. Yet, we cannot allow ourselves a luxury of neglecting them.

Some of them actually work. This is how a successful prevention has achieved. Can this be a comfort for Microsoft? Two HP security experts were able to find a weakness in the Internet Explorer 11. As a result, we have a complete malicious control over the computer, which runs the Windows 8.1.

As expected, Microsoft will clean this situation with the next security patch. However, we still have this bitter taste in our mouth. Why? Well, it is actually quite simple, and that is why is so painful. Who knows how many bugs are out there flying and crawling all over our cyber space? Do not bother to ask.

Unfortunately, we do not have enough hackers competitions or bug bounty programs to find and eliminate them all. If you want to say keep on trying, then you are moving into the wrong direction. Maybe, we are truly blessed with our cyber ignorance. There is a difference, though. What we do not know can hurt us badly in this case.

Microsoft Online Services Bug Bounty Program

October 3, 2014 Leave a comment

image

Here is a nice way for you to earn $500, or even more. Microsoft has launched the Bug Bounty Program for its online services. The awards begin with the amount of $500 and increase accordingly. Yet, you are required to focus your findings on the MS online services alone. And, there is one more thing.

You need to identify a problem as precisely as possible and offer the most suitable suggestion in order to resolve it successfully. Microsoft will carefully evaluate your contributions and award you accordingly. It comes without saying that is a good and highly recommended activity for any IT player.

This brings us back to the good old days when we had a promising abundance of the bug bounty programs and competitions. Those were the days, weren’t they? It seems that we needed some time to start appreciating again the benefits of these recently undermined ways of improving the cyber security.

We sure hope that other players of the major IT league will join the party, as well. This is an extremely efficient solution for our cyber troubles, which we often take for granted. Luckily, there is a sign of positive changes on the horizon. So, what are you waiting for? The grandpa Microsoft dares you.