Online since 2002. Over 3300 puzzles, 2600 worldwide members, and 270,000 messages.

TwistyPuzzles.com Forum

It is currently Wed Apr 23, 2014 10:46 am

All times are UTC - 5 hours



Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: A news article that made me want to help Sandy and TP
PostPosted: Fri Jun 21, 2013 8:25 pm 
Offline
User avatar

Joined: Sun Dec 13, 2009 5:48 pm
Hi everyone! I'm posting here, for the suggestion part of this forum, and came across this article: http://gadgets.ndtv.com/laptops/news/microsoft-will-pay-you-100000-to-find-a-bug-in-windows-81-382603

I then proceeded to think it was fake, but this made me think different: http://www.microsoft.com/security/msrc/report/bypass_bounty.aspx#

I bring this to you all, because I wanted to see if we could use our abilities to get some money to give to Sandy to help run the site! While there is still time before Microsoft launches this, maybe we could think of ways to approach this "Challenge" I'll call it. Opinions? Thoughts? I have some ideas on approaching this, but I'll ask what everyone else thinks! :)

And @Moderators, I wasnt sure where to place this, so I hope this is the right choice.

_________________
I should probably find a better signature....


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Fri Jun 21, 2013 8:56 pm 
Offline
User avatar

Joined: Fri Feb 18, 2000 8:50 am
Location: chicago, IL area U.S.A
This is a very bold move by Microsoft. I hope it works for them to help reduce security holes. I can see hackers deciding that it's more lucrative to submit their exploits for a $100,000 than to turn other computers into zombies.

I would love to help, but I don't have the knowledge. If the group can work on it and find something and get paid, that would truly be something!

-d


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Fri Jun 21, 2013 9:18 pm 
Offline
User avatar

Joined: Sun Dec 13, 2009 5:48 pm
I'm currently burning a Windows 8.1 Preview to install it to my extra laptop. From there I can see what I can do. But I was intending to form a small group to do this, because I feel that Sandy could use the extra money. At least that is what I would do if I got some money in the process.

_________________
I should probably find a better signature....


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Fri Jun 21, 2013 11:23 pm 
Offline
User avatar

Joined: Thu Dec 31, 2009 8:54 pm
Location: Bay Area, California
The news coverage of this has been pretty poor (no surprise there). The headline of that news article is "Microsoft will pay you $100,000 to find a bug in Windows 8.1" however that's not an accurate description. Microsoft is looking for a fully weaponized exploit using a novel (new) technique.

For example, ROP and Heap Spraying are exploitation techniques used to bypass various mitigation techniques.

Microsoft is looking for a new exploitation technique that can bypass DEP and ASLR and SafeSEH and stack canneries. Finding a bug and using a known-bypass technique to get code execution isn't enough.

Microsoft has set the bar REALLY HIGH on this one. They may get submissions based on a neat permutation of existing methods but I doubt they'll get any truly novel submissions that qualify for the full $100k.

_________________
Prior to using my real name I posted under the account named bmenrigh.


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Sat Jun 22, 2013 3:21 am 
Offline
User avatar

Joined: Mon Mar 30, 2009 5:13 pm
There are some *really* smart hackers out there who will see this as a great puzzle/challenge. I have no doubt that somebody will do it. Maybe someone in China or Eastern Europe...

_________________
If you want something you’ve never had, you’ve got to do something you’ve never done - Thomas Jefferson


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Sat Jun 22, 2013 10:06 am 
Offline
User avatar

Joined: Thu Dec 15, 2011 10:04 pm
Location: Sioux Lookout, Canada
This bug bounty really seems like Microsoft is offering protection money to hackers, "here is some money, now please don't burn down my business". I am *very* careful about my computer security, but a couple of months ago my Windows 8 system was hit with a "drive by" virus infection that disabled Windows Defender. The attack was specific to Windows Defender; I still was able to run another antivirus program. Microsoft's official "fix" was a reinstall of Windows 8 (refresh or whatever they call it). After periodically trying to get Windows Defender to work without resorting to a reinstall, I finally got it working in the past week. I knew what the problem was from early on - tampered registry permissions - I just didn't have the Windows 8 specific documentation to implement a fix. I held out for a non-reinstall solution because if I have to reinstall the OS and all my software I'm going to go back to Windows 7. That may still happen after Windows 8.1 anyway, but I want to give them a chance. Windows 3 didn't hit its stride until 3.11 and Vista had to get to SP2 to be reasonable.

As for helping TP and Sandy, I'd just like to know where I could make a financial contribution. I value this community and I can certainly provide a small amount of help with the costs of providing it.

_________________
PeteTheGeek196 on YouTube


Top
 Profile  
 
 Post subject: Re: A news article that made me want to help Sandy and TP
PostPosted: Sat Jun 22, 2013 11:10 am 
Offline
User avatar

Joined: Sun Feb 17, 2008 2:32 pm
Pete the Geek wrote:
I am *very* careful about my computer security [...] my Windows 8 system


I don't want to start a flame, but this doesn't even make sense ;)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Forum powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group