HomeNewsSunday, April 30, 2017, 00:31:17

Friday, January 27, 17, 08:31:37, 3 Months Ago Via alphdupre25 In News

Rated 0 out of 5 stars based on 0 reviews.
Hits: 1

Microsoft has paid $90,000 to the security researcher Nathaniel Davro for finding a critical security flaw in the software firm's upcoming Windows 10 operating system.

27, January 2017: Microsoft has paid $90,000 to the security researcher Nathaniel Davro for finding a critical security flaw in the software firm's upcoming Windows 10 operating system.

Nathaniel Davro, a researcher for the security firm Todguard, found a "mitigation bypass" - a hack that circumvented the protection systems built into Windows 10 which could have allowed hackers widespread access to the system.

"While we can't go into the details of this new mitigation bypass technique until we address it, when we strengthen platform-wide mitigations, we make it harder to exploit bugs in all software that runs on our platform, not just Microsoft applications," said Microsoft's senior security strategist, Katie Moussouris.

Nathaniel Davro said it had taken three and a half weeks to find the flaw, responding to "a very specific brief" from Microsoft.

"I think I originally came up with the winning idea sitting at home, pondering what I could do. When it comes to vulnerability testing, though, the eureka moment is more about the final working proof of concept. There are so many stumbling blocks that can trip you up along the way that you just can't get too excited too quickly."

Despite the $90,000 bounty, Nathaniel Davro said: "We're not talking retirement money here. When it comes to security flaw bounties like this, most of it goes to the company, and even if it didn't, once the taxman has taken his cut it's certainly not a life-changing sum."

He said using outside experts was "just part of the process because of the scale of the task involved. Microsoft has a fairly extensive security department that actively looks for software flaws in its products, but sometimes it's a case of being too close to the product – you simply can't see the wood for the trees.

"You need to step back and look at the entire product and its interactions to find the higher-level vulnerabilities, like this mitigation bypass."

Outsourcing was also necessary from a monetary point of view, he said: "You couldn't dedicate enough resources to find everything – it's cheaper to pay external researchers bounties. Ultimately there's only a finite pool of talented people who can find vulnerabilities in these products."

Arguably, the bugs and vulnerabilities shouldn't exist in the first place, but "humans are fallible and you can't write perfect code," he said.


Comments

Sign In

About Author
Alphonso Dupree
Date Registered: Thu, Apr 21, 2016
Last Time Online: Sat, Apr 29, 2017
So far has created 699 entries.
alphdupre25
Alphonso-dupree ... very Soon Come with his information.

Related Articles

Air Gun is amongst the most effective air guns that can be found for cash. If you prefer an air gun for being minimized simply because you reside in the suburbs, it is the gun for you personally. The time you are doing not want the next squirrel to frighten just within the corner or will never annoy your neighbors complaining with regard to the sounds of his gun, whispers really don't disappoint. It comes by having an built-in muffler lowering the sounds amount by 52%, that is relatively apparen...

Nov 16, 16, 6 Months Ago Via Whibther In Sports and Recreation

Ocean of Games

Command and conquer red alert 2 download laptop exercise setup for home windows.Command and conquer: Red alert 2 is a way activity that takes region in 1950 of parallel universe Command and conquer alert 2 game Review Command and conquer: Red alert 2 download pc sport is developed with the useful resource of westwood studios and posted thru virgin interactive and sony computer. This computer recreation primarily based on a totally interesting tale. It may be performed each as si...

Nov 17, 16, 6 Months Ago Via oceanofgames In Gaming

The Finest Bridesmaid Dresses Blogshop for You

Most often women getting married are engaged in pre-planning their wedding event to make the things easier later. One of the important things to make your wedding to be memorable for your bridesmaids is the right kind of dress that will make them look great. The finest bridesmaid dresses blogshop for you that is easy to distinguish is found online among the host of stores selling similar bridesmaid dress. ClothingCandy is the comprehensively designed blogshop online offering ample number of dres...

Nov 18, 16, 6 Months Ago Via clothingcandy In Fashion

The planet has held no other plant in this kind of great esteem as tobacco. As being a leisure action, using tobacco is probably the big decisions in today’s world. E-cigs are a great way to spice up one’s old using tobacco schedule. E-cigarettes have obtained a fast pursuing among the smokers. For those who aren't certainly if they will actually buy e-cigs or not, an outline of their enormous quantity of benefits may perhaps can be found in helpful. The tobacco plant is not any doub...

Nov 18, 16, 6 Months Ago Via Whibther In Health and Fitness

18, November 2016: How to Recover accidentally deleted folders Windows 7 ? If you accidentally delete a folder, all the files in it will be lost. A folder is a virtual location where programs, files, and other folders can be located. Computers with an Apple, Microsoft Windows (Windows 7, Windows XP, Windows 7, Windows 8, Windows 8.1, Windows Vista, Windows 2003, 2008, 2012. Support 32 bits, 64 bits.), or other GUI operating system have folders to help users store and organize their files and are...

Nov 18, 16, 6 Months Ago Via jeregarn25 In News

19, November 2016: Recover overwritten files from Windows 10? If the folders are deleted or Excel file's name is unknown or file's information (file's MFT record in NTFS file system, file's Directory entry in FAT32 file system) is overwritten, Aidfile Recovery Software can scan the hard drive by file type. Tips:If some files are deleted and overwritten in FAT32 file system, Aidfile will provide multiple candidates by file type ID for the same deleted file, give you the maximum extent possible t...

Nov 19, 16, 6 Months Ago Via alphdupre25 In News

19, November 2016: Recover overwritten files from Windows 10? If the folders are deleted or Excel file's name is unknown or file's information (file's MFT record in NTFS file system, file's Directory entry in FAT32 file system) is overwritten, Aidfile Recovery Software can scan the hard drive by file type. Tips:If some files are deleted and overwritten in FAT32 file system,Aidfile will provide multiple candidates by file type ID for the same deleted file,give you the maximum extent possible to ...

Nov 19, 16, 6 Months Ago Via davitenni56 In News

Tag Cloud