Borrowing a Win8.1 vulnerability, a man who took away $100,000 from Microsoft,

Computer store news: British James · James Forshaw has just received a bonus from Microsoft — — a full $100,000 .

In June of this year, after the release of the Windows 8.1 and IE11 previews, in order to better test the product, Microsoft announced a reward program: any user who found a major security vulnerability in the Win8.1 preview version, Get a $100,000 bonus. On October 8, Microsoft announced on the blog that Fushaw became the first person to receive a $100,000 prize.

James ·, 34, lives in London, and the authentic British accent makes him a bit like an old-fashioned English gentleman. Fushaw is a researcher at the Context of the technology security company. At the same time, it is also known as “White Hat Hacker” & mdash;— this title with a strong “color of the river” refers to the hacker group that earns commission by testing network security performance. Apple founder Stephen Wozniak and Linux system father Linus · Linus Torvalds are both masters.

The vulnerability discovered this time allows hackers to bypass the security protection set by Windows 8.1 and invade the entire system. However, Fu Xiao did not disclose the details of the specific holes.

The main reason is that Microsoft does not want to disclose. Katie Moussouris, head of Microsoft's security department, said the company hopes to make it public after it has been resolved to prevent hackers from invading the user's system. Microsoft engineer Thomas · Thomas Garnier also discovered the vulnerability, which is now being patched up.

Why do you have to pay such a costly fee for a security breach? Microsoft explained on the blog that understanding the new mitigation loopholes can help companies defend against malicious attacks and strengthen the entire platform. It's getting harder and harder for hackers to exploit system bugs, and it's not just Microsoft that benefits.

Fushaw said that it took him three and a half weeks to discover the loophole. “When I first came up with this idea, I was sitting cross-legged at home and thinking about what I could do. The whole (vulnerability search) process is filled with too many stumbling blocks, they can completely put you in the middle of the road. (Remember) Don't be too excited or too fast. ”

After the success, Fushaw is currently rushing to a security conference. Before discovering the Windows 8.1 security vulnerability, Fushaw was already a master of finding system bugs, and the large security failures he found in the HP system also earned him an award.

This experience brought him more exposure, and the Guardian reported him twice. However, Fushaw is not complacent. The modest Fushaw said that the Microsoft security department is actively looking for product vulnerabilities, but sometimes it is too close to see all. “You need to go back and revisit the entire product and its interaction design before looking for hidden vulnerabilities. ”

“ People can't make mistakes, no one can write perfect code. & quoquo; Fu Xiao said, "My relationship with Microsoft is very friendly, and I have already submitted many bugs to them before." ”

When it comes to how to deal with the huge $100,000 bonus, Fushaw says it would be premature to retire. Similar rewards are given to the majority of the company, even if the company does not, the tax will be deducted a lot of bonuses. “It’s really not a huge amount of money that can change lives. & rdquo;

In the past ten years in the field of security development and research, Fushaw has worked with a number of major issues, including the need for inquiry technology and creativity to make Fushaw intoxicated, which is what makes him deeply fascinated. s things.