Microsoft Opens Vulnerability Bounty Program For Spartan Browser

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.

Re:

[eric_harris_76]

Or you could learn how to say "No". Your call.

Re:

[Hognoxious]

Wild guess, you don't use Windows or Linux?

Re:

[Hognoxious]

If you go back to white it never feels tight.

Umm, so I heard.

Re:

[Opportunist]

So do I. Without MS, I'd probably be out of a job.

Seriously, people. MS is a lifesaver for me. And everyone else in IT security.

Re:

[ArcadeMan]

http://i.imgur.com/oXafhtY.png [imgur.com]
http://techsalsa.com/wp-conten... [techsalsa.com]

Re:

[deviated_prevert]

Turns out it is not dead it will rise from the grave and go for brains. The Sparton will have to fight it to the death, seeing that Sparton has no brain to go after, it might just win because you cannot uninstall it either once you cross the line and use a brain dead browser with no home button by default that just keeps popping up all over the place in ten billion window panes that you need to swat at to close or go crazy with the single back button to use!

Bugs shmugs it will work fine for touch screens b

Re:

[Hognoxious]

Was it eaten by wolves?

What?

[ArcadeMan]

...the default application of Windows 10 for surfing the information highway.

The "information highway"? WTF is this, 1995?

Re:

[jones_supa]

I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

Re:

[deviated_prevert]

I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

Hey Microsoft did('nt) fix the start menu [youtube.com] OH NOES I AM HAVING AN ACID FLASH BACK VIDEO which is the default player you can still turn off flash in Sparton if you don't want to have Windows 10. There give me the money I fixed a security hole in Sparton for you!

Re:

[Opportunist]

Hey, 1995 Spartan would have been an awesome cutting-edge browser!

Re:

[Jane Q. Public]

The "information highway"? WTF is this, 1995?

No... more like 480 BC. It seems reasonable to think that "Spartan" refers to "Sparta" which in turn implies (with deference to Slashdot's notably horrible character handling): "Molon labe"... which would mean in this context: "Come and get it." The reply to Xerces when he demanded they lay down their weapons was "come and get them".

The historical reference hit me right away, and if Microsoft didn't really intend it, they screwed up bigtime. Because the name of their browser is historically a challenge t

Re:

[ITRambo]

Yeah, it's the information superhighway now. 20 years later it's all grown up.

I have a bug

[slashmydots]

"All your new crap is named after Halo and Minecraft so nobody will respect it."
Is that considered a bug?

Re:

[Kagetsuki]

MS is deploying agents to give you a Mountain Dew enema and throw Doritos dust in your face until you repent, blasphemer!

Re:

[slashmydots]

And they'll charge monthly for it

Re:

[jo_ham]

"All your new crap is named after Halo and Minecraft so nobody will respect it."

Is that considered a bug?

"Bug closed: Issue only affects small portion of user base with mental age = 12"

Sure, I'd love to help.

[o_ferguson]

Just send me the source code.

Legacy code is going to be an issue

[deviated_prevert]

I am running the preview and here is what is going on currently;

Right now many drivers that rely upon things like AMD Catalyst are causing issues. The reason is legacy code that is being dropped or at best slow to update. For instance the ATI Mobility Radeon X1400 video card is causing serious issues. Sparton is essentially a browser that is windows explorer so it is just a system integration experience like Chrome OS so anything the calls for legacy driver code for high definition net streaming is problema

Alternatives?

[johannesg]

How much is the Russian maffia or the Chinese government offering? Before we make any decisions on what the best economic choice is we should be aware of all the alternatives...

Making Internet Explorer more secure?

[DougPaulson]

How is allowing the Browser low level access to the OS through ActiveX calls and making HTML the default format for help files making Internet Explorer more secure? Microsoft the company that made browsing the WEB dangerous ...

Re:

[deviated_prevert]

You know the most exciting thing about Windows 10 is Spartan. Everything else is just Windows and except for being a re fresh again of Windows 8. I am not
looking forward to Windows 10 except for Spartan. Early feedbacks tells a story of a browser that is really focused on the here and now. I give Microsoft praise
for finally dumping IE for something truly new. I hope its not going to end up riddled with bad code and poorly implemented security. I would think not, given Microsoft's better commitment to security. Although I have been disappointed on how Microsoft of late has pretty dropped the ball on its Security Essentials and Defender products. Will Microsoft throw Spartan out there and forget about it? Or can Microsoft innovate consistently or even gain back any browser users lost to other browsers? I know myself I am fed up with Internet Explorer and anything has to be better.

Sparton will be good for those who are visually impaired. It is designed for voice command. I am thinking of attaching a mic and seeing if I can have some fun with it. But as far as a work desktop interface goes, I do not think that in places like banks, doctors offices and all the other places where professionals use IE and Chrome and things like Citrix every day for real world work you will see them sitting at their desks talking to Sparton and as a file explorer to get their serious work done. The keyboa

1.5-15k? For real?

[Opportunist]

Do you have a FAINT idea what a 0day, remote code execution bug in IE sells for?

Re:

[dreamchaser]

*Whoosh*

Opportunist is referring to the fact that bad guys will pay many times more than that for a 0 day remote execution bug.

BS time

[ruir]

So Microsoft believes a shitty product will get better acceptance by the consumer changing the skin and the name. Interesting.

Re:

[Njorthbiatr]

IE and Spartan have different engines. It's an entirely rebuilt browser.

Maybe you should do your research before you start talking shit.

Re:

[jones_supa]

Not entirely rebuilt. Spartan's engine is EdgeHTML which is a fork of Trident that is used in IE.

Re:

[ruir]

A "fork" is some project picked up by others.

Re:

[jones_supa]

I don't see why a project couldn't be forked internally in a company as well, and possibly even be maintained by the same team.

Re:

[ruir]

Me neither, but that just validates my initial point they are just changing the name of a very hated project, and throwing to our ears the usual crap. https://www.youtube.com/watch?... [youtube.com]