Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Bug Facebook Microsoft The Almighty Buck

Microsoft and Facebook Launch Internet Bug Bounty Program 57

An anonymous reader writes "Microsoft and Facebook today jointly launched a new initiative called the Internet Bug Bounty program. In short, the two companies are looking to secure the Internet stack by rewarding anyone and everyone who hacks it, and responsibly discloses vulnerabilities they find. The minimum bounty for hacking any component of the Internet is $5,000."
This discussion has been archived. No new comments can be posted.

Microsoft and Facebook Launch Internet Bug Bounty Program

Comments Filter:
  • by arisvega ( 1414195 ) on Thursday November 07, 2013 @05:53AM (#45354623)
    .. bribe them.
    • .. bribe them.

      Strictly speaking, unless the bounties get substantially bigger than the minimum, and relatively quickly, it's more along the lines of 'If you can't beat them, see if you can provide additional motivation to people already on your side; but perhaps not bothering to focus on the problems you care about."

    • by Anonymous Coward

      If you can't beat them ..
      .. bribe them.

      Looks like that's what's happened to Slashdot. Microsoft seems to own the front page now.

      Does anyone know where we can go to discuss real tech?

      • phoronix, theregister, arstechnica, there is a whole plethora of sites for real tech.I'm getting tired of all M$ and facebook things too.
        If I liked facebook I'd be there already.
      • Looks like that's what's happened to Slashdot. Microsoft seems to own the front page now.

        Does anyone know where we can go to discuss real tech?

        I am but glad that Microsoft stuff is occasionally featured on the Slashdot front page too. It is as important company as Apple, Samsung, Red Hat, Intel or whatever. I want to hear about MS too: both their successes and embarrassing mistakes.

        However in addition to Slashdot I also read a site called InfoQ [infoq.com], they have pretty good stuff too.

  • Mistake (Score:4, Insightful)

    by Rosco P. Coltrane ( 209368 ) on Thursday November 07, 2013 @06:00AM (#45354645)

    The minimum fine for hacking any component of the Internet is $5,000

    There, fixed that for you.

    Didn't you know? Hacking has become a criminal activity that sends you to court nowadays...

  • by Anonymous Coward

    Hacking the Internet? Must be a new form of hacking the Gibson.

  • Redirect facebook.com and microsoft.com and all their servers and namesakes to 0.0.0.0 or to 127.0.0.1 in the root DNS servers. Problem solved.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday November 07, 2013 @06:45AM (#45354793)
    Comment removed based on user account deletion
    • Hmm... You have a point there.

      Incidentally, I bet it would be cheaper to buy a law declaring people who sell exploits on the black market to be criminally responsible, as 'conspirators', for any and all subsequent use of them, thus encouraging people to remain in our sharecropper bounty system, than it would be to actually pay the workers more...
    • Just wondering why Microsoft and Facebook let code out of the door that has these defects, is it an altruistic gesture to foster and finance an informal quality control and code testing stratum of society?
      • I dispise MS and Facebook as much as the next guy but show me bug-free code and I have a bridge I'd like to sell you. However your point about the absymal lack of Quality Assurance is with merit considering the resources these have to do a better job of testing.

    • The difference is that with the black market one could fine oneself without need of a mortgage as one will have their housing provided by a state or federal penitentiary.
    • the black market on the other hand offered to pay handsomly a years salary for my exploit that breaks microsoft embedded security in appliances like ATM's and nuclear reactors, thereby recognizing and acknowledging my important work in the field of security.

      So what? It's well known that crime always pays significantly better than being honest - unless, of course, you get caught.

      A smash and grab robber in a Rolex store is going to make more $ per hour than your server in McDonalds or even a white collar work

  • by CuteSteveJobs ( 1343851 ) on Thursday November 07, 2013 @07:31AM (#45354955)
    NSA will pay me twice that much! :)
    • No they will not. They will pay the rate going on the black market, for the exploits they purchase. [theatlantic.com]

      I agree with the general gist, but if you're marketing to the NSA, you're also marketing to all the other black market exploit buyers. The price can be far higher depending on the exploit. Interestingly, this means the NSA is helping support the exploit vector black market, and this is a threat to national security...

  • "
    Be widespread: vulnerability manifests itself across a wide range of products, or impacts a large number of end users.
    Be vendor agnostic: vulnerability is present in implementations from multiple vendors or a vendor with dominant market share.
    Be severe: vulnerability has extreme negative consequences for the general public.
    Be novel: vulnerability is new or unusual in an interesting way.
    "

    So MS

    • by Burz ( 138833 )

      Notice there is no mention of IIS or other MS products in the article or the linked page.

      • by Skiron ( 735617 )
        I expect they was scared that the links would flag all sorts of virus/trojan warnings in a users browser...
  • I bet they could make $100,000,000 the first day.

  • Microsoft is the biggest and most harmful bug of all time in computing quality and security.
    And Facebook is the biggest privacy bug.

    Where do I report them?

  • by Skiron ( 735617 )
    What do Microsoft and Facebook have to do with the Internet, ffs. They are CUSTOMERS of it, not owners.
    • by kekx ( 2828765 )
      Even if that is the case (which it isn't in my opinion), why would you complain if your customers pay to improve your product? This is obviously good for "the internet" (whatever that is).
      • It's also good for Microsoft's bottom line. They are asking people to find exploits in the TCP/IP stack, which they will *NOT* patch in Windows XP. Then support will end for Windows XP, and with all these exploits floting around, will force people to buy more Microsoft Windows 8.1 goodness.
        • by kekx ( 2828765 )
          I did not debate that, it's also quite obvious, that it is good for Microsoft - in a variety of ways - , otherwise they wouldn't be paying $$ for it ;)

"If value corrupts then absolute value corrupts absolutely."

Working...