Microsoft Pays Out $100k Bounty for Windows 8.1 Bug

HardOCP News

Could you imagine working on one thing last year, finding a bug in Windows 8.1, and making $100,000 for your efforts? We are all in the wrong business. ;)

James Forshaw, a security researcher at Context Information Security, picked up the full $100,000 bounty for detailing a bug that worked around some protections in the preview version of Windows 8.1. Forshaw also previously won a bounty for his role in detecting an IE11 vulnerability. Microsoft isn't detailing the exploit until the company has fully addressed it.
 
How long did it take him to find the bug though?

If he spent 1800 hours on it, then $100k for his efforts is not bad. But if he did it over a weekend while slugging back a few beers, then it's incredible.
 
This is just another reason to stick with 7 and a non-IE browser :)

If you need ActiveX, IE Tab for Chrome has gotten much better.
 
Just a reaction of still not liking 8 :)

If it's a bug that affects 7 then yeah, it's another thing to worry about....
 
Paying for bugs is a tried and true mechanism that's been going on since Netscape Navigator, when Netscape paid $1k a bug, like ~20 years ago...;) Paying hackers to try and break your code is an excellent way to ensure the security of your products--I cannot think of a better way of doing it, actually. It gives people a solid motivation to exert themselves attempting to hack into your systems, which otherwise is found only in the "malicious"/criminal breed of hacker.
 

It sets a precedent, however; most of the people buying bugs are not your friend. When Charlie Miller started this campaign of "no more free bugs", I asked him directly about the highest bidders usually being criminals, and he basically said "and?", thus the security companies need to pay more. (This was several years ago, and I don't remember the exact quote, sorry, but I'm sure it's on video somewhere.)

I was a professional software and security tester, if you're good at it, you don't need bounties to make money, you will find a job doing it.

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paying for bugs is a tried and true mechanism that's been going on since Netscape Navigator, when Netscape paid $1k a bug, like ~20 years ago...;)

Damn, it has been almost 20 years... Wow.

$100K is a lot. But, apparently, it was a new attack area, not something that's usually known. The one he found was new and could patch a whole new slew of attacks.
 
I know a developer who gets paid $100k a year and still can't properly fix one bug. This is a cheap payout by industry standards.
 

I rather think Microsoft and all the other software companies that pay people to try and hack their software are doing it the only way it can be done economically. Not everyone gets $100k, remember, only those who find legitimate, verifiable bugs that Microsoft programmers consider to be important enough to merit a $100k payout. Smaller bugs earn from $0 up--it depends entirely on the nature of the bug uncovered. Paying people by-the-hour salaries for full-time bug hunting would do little except attract clock-watchers who will take as long as they can to find results (earning more money in the process)--it's counterproductive. Paying people by the bug found, which again Microsoft verifies not only to exist but to also represent probable exploitation of a serious nature, is a far more efficient way to do it. The bugs will be found quicker and with more reliability, imo, because the only thing Microsoft pays for are results.

I don't quite follow this post when you say "criminals bidding", etc. The deal is you show Microsoft the bug, and Microsoft decides what, if anything, you get paid after examining your work. There is no "I found a bug so give me $100k or else!"...;) And, if you pay people nothing to find bugs (what I gather you mean by "free bugs") then you probably have no right to expect anybody to report bugs to you...;) And why should they since they'd have no motivation to do so?
 
stick with 7 and a non ie browser

Have you tried to uninstall IE from Windows 7? It is a total nightmare: stuff ceases to run, the ATI tray icon for starters, system tray programs crashing, let alone I couldn't install an antivirus without it being installed, and I tried Trend, Kaspersky, AVG, etc., all of which seem to need something that IE came with. Had to reinstall IE to get my PC to work properly....
 
Uninstalling IE from Windows 7 is a matter of a few clicks.
• Click Start, then Control Panel
• Click Programs and Features
• In the Task pane, click Turn Windows features on or off.
• In the list of windows features, click to clear the check box next to Internet Explorer.
• In the window that opens, click Yes.
• Restart the computer and Internet Explorer is uninstalled

The only problems I’ve experienced were from few clients who run Intuit software like QuickBooks that insists it must use IE or else it will throw a hissy fit.
Other than that, no problems with the ATI tray icon, the antivirus program runs perfectly fine, nothing crashing in the system tray, and no nightmare like you described.
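The same "Turn Windows features on or off" removal can be scripted for many machines. The script below is an added example, not code from the thread or from Microsoft; it drives dism.exe (the engine behind that checkbox) from an elevated PowerShell prompt on Windows 7, records the feature state before and after, and then checks the caveat that matters for the "stick with a non-IE browser" argument: disabling the feature removes iexplore.exe and its shortcuts, but the Trident/MSHTML rendering engine (mshtml.dll) stays on the system because other software, including apps that embed the WebBrowser control, depends on it. The feature name suffix (-amd64 versus -x86) and the reboot-required exit code 3010 are assumptions about the Windows 7 DISM feature names and return codes.

```powershell
# Added example (not from the thread): disable the Internet Explorer optional
# feature on Windows 7 via dism.exe, the same operation as the
# "Turn Windows features on or off" checkbox. Run from an elevated prompt.
# Assumed feature names: Internet-Explorer-Optional-amd64 on 64-bit Windows 7,
# Internet-Explorer-Optional-x86 on 32-bit.

$is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
$feature = if ($is64) { 'Internet-Explorer-Optional-amd64' } else { 'Internet-Explorer-Optional-x86' }

function Get-IeFeatureState {
    # dism prints a "State : Enabled" / "State : Disabled" line for the feature
    $out = & dism.exe /online /Get-FeatureInfo "/FeatureName:$feature"
    $m = $out | Select-String -Pattern '^\s*State\s*:\s*(\S+)'
    if ($m) { $m.Matches[0].Groups[1].Value } else { 'Unknown' }
}

$before = Get-IeFeatureState
Write-Host "IE feature state before: $before"

if ($before -eq 'Enabled') {
    # /NoRestart lets us verify the new state first; a reboot is still required.
    & dism.exe /online /Disable-Feature "/FeatureName:$feature" /NoRestart
    # Assumed: 0 = success, 3010 = success but reboot required.
    if ($LASTEXITCODE -ne 0 -and $LASTEXITCODE -ne 3010) {
        throw "dism failed with exit code $LASTEXITCODE"
    }
}

$after = Get-IeFeatureState
Write-Host "IE feature state after: $after (reboot to finish)"

# Caveat check: the rendering engine is a shared system component and stays
# installed, so removing the IE feature does not remove Trident/MSHTML.
$engine = Join-Path $env:SystemRoot 'System32\mshtml.dll'
Write-Host "MSHTML engine still present: $(Test-Path $engine)"
```

Because mshtml.dll remains, removing the feature is a hardening step for the browser front end (no iexplore.exe to launch, no default-browser association), not a removal of the engine's attack surface; any program that hosts the WebBrowser control still renders HTML with it, which is also why tools that embed IE keep working after the feature is turned off.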
 
Metro. There. Where's my $100K?


...you know someone was bound to say it sooner or later. :p
 