Microsoft offers $100,000 to hack its custom Linux OS

BlastemSkyHigh

The Original Fuck You Bomb
Premium
339
252
88
Microsoft is offering hackers up to $100,000 if they can break the security of the company’s custom Linux OS. The software giant built a compact and custom version of Linux last year for its Azure Sphere OS, which is designed to run on specialized chips for its Internet of Things (IoT) platform. The OS is purpose-built for this platform, ensuring basic services and apps run isolated in a sandbox for security purposes.

Microsoft now wants hackers to test the security of the Azure Sphere OS, paying up to $100,000 if the Pluton security subsystem or Secure World sandbox is breached. The bug bounty program is part of a three-month research challenge that runs from June 1st until August 31st. “We will award up to $100,000 bounty for specific scenarios in the Azure Sphere Security Research Challenge during the program period,” explains Sylvie Liu, a security program manager at Microsoft’s Security Response Center.
Microsoft wants a group of security researchers to join the challenge

The challenge is focused on the Azure Sphere OS itself, and not the underlying cloud portion that’s already eligible for Azure bounty program awards. Microsoft is specifically looking for a group of security researchers to try and break its Linux OS security. Physical attacks are out of scope, but researchers can apply to be part of the challenge here.
Azure Sphere was announced at last year’s Build developer conference, and it’s still relatively new. Businesses like Starbucks are rolling out Azure Sphere to secure its store equipment, which feeds back data points on the type of beans, coffee temperature, and water quality for every shot of espresso.
Microsoft CEO Satya Nadella sees IoT devices as a key area for the company, describing its cloud business as the biggest hardware business at Microsoft earlier this year. Nadella is chasing the billions of IoT devices that analysts predict will be in use over the next decade. Azure Sphere is a key part of the mission to help secure and manage these devices, and part of Microsoft’s increased push to win a world beyond Windows that’s increasingly moving to cloud computing.

====================================================================================
This got me to thinking,

Microsoft & Linux, with a supposedly ( not for long ) unhackable system....
Did Thanos really snap his fingers, but got distracted right before the snap, are we in the right freaking universe??
..i mean wtf...
 

BlastemSkyHigh

The Original Fuck You Bomb
Premium
339
252
88
Thing that really baffles me is the usage of the term Linux,
Linux is Open Source,
FREE and that is the reason I love my Linux Distros..

and the reason I dislike Microsoft, nothings free from that assclown, even his vaccines
 

BlastemSkyHigh

The Original Fuck You Bomb
Premium
339
252
88
True, but thats what Dual-Boot is for,
and I can find a Hacked windows OS anywhere with or without bugs init.
 

CoprophagousCop

Social Distancing Warrior
Premium
2,525
2,395
357
This sounds like Microsoft has two goals here: 1. Get more people to buy their products. 2. Get people to do quality assurance on their products but only pay them if they are the first to find a bug.

Personally I think hooking all these devices directly to the internet is dumb. If I had a business, I would only connect what absolutely needs to be connected to the internet. Everything else can be attached to a private, local network. The best security is keeping things offline.
 
  • 2Like
Reactions: 1 users

MaxPower

Sweep the leg
Staff
17,294
7,909
637
Microsoft does this on a regular basis. Every time they come out with a new version of Windows they pay bug bounties. In 2019 alone they paid out over $4 million to "independent vulnerability and penetration consultants" . ;)
 
  • 2Like
Reactions: 1 users

Dark Fader

[]D [] []V[] []D
2,412
3,531
357
Where are my Microsoft reparations?

If you combine the hours I've spent installing ...
SP3
Turning OFF Automatic Updates ...
Turning ON Automatic Updates !
Waiting 3 hours to DL my Automatic Updates
Staring at my Blue Screen of DETH
Rolling back to a previous install of WinXP
Updating SP2 to SP3
oh wait, where's my C++?
Why am I installing various versions of c++?
Defragging my HD
Format fs=ntfs
Install SP3 (AGAIN)

... I could have developed my own OS.
 
  • 1Like
Reactions: 1 user

BeautifulSniper

Lovely and deadly
1,003
574
136
Where are my Microsoft reparations?

If you combine the hours I've spent installing ...
SP3
Turning OFF Automatic Updates ...
Turning ON Automatic Updates !
Waiting 3 hours to DL my Automatic Updates
Staring at my Blue Screen of DETH
Rolling back to a previous install of WinXP
Updating SP2 to SP3
oh wait, where's my C++?
Why am I installing various versions of c++?
Defragging my HD
Format fs=ntfs
Install SP3 (AGAIN)

... I could have developed my own OS.
Still using Windows XP?
 
  • 1LOL
  • 1Like
Reactions: 1 users

CoprophagousCop

Social Distancing Warrior
Premium
2,525
2,395
357
I still have a PC with Windows XP which I use occasionally because I cannot get my compiler to work on Windows 8.1.
I never installed any service packs because I have never, to this day, connected it to the internet.
As for the PC I am using right now, turning off automatic updates was one of the first things I did with it. The updates are probably mainly for Windows Defender, which I do not need because I have a much better way to avoid viruses. They seriously make things more complicated and difficult than they need to be.
 

CoprophagousCop

Social Distancing Warrior
Premium
2,525
2,395
357
What's that?
I use software that automatically restores my hard drive every time I reboot. If I get a virus, rebooting my computer gets rid of the virus. The downside is that I need to store my documents on an external drive which is usually disconnected.

Now,, if only operating systems were written in such a way to keep mutable data separate from the application files, the application files could be put on a separate hard drive with a physical switch to make it read-only.

Also, web browsers could easily be written so that it would be impossible to get a virus directly. One would have to launch an executable file from outside of the web browser for the virus to run.

Alas, the software industry treats viruses as something that can be dealt with later. Rather than design a proactive environment that is immune to viruses, the focus is to react to viruses with so-called anti-virus software. With ever new viruses being written, this keeps a revenue stream flowing for subscription based anti-virus software companies.
 
  • 1Taters!
  • 1WTF!?
Reactions: 1 users

BeautifulSniper

Lovely and deadly
1,003
574
136
the focus is to react to viruses with so-called anti-virus software. With ever new viruses being written, this keeps a revenue stream flowing for subscription based anti-virus software companies.
There are plenty of free anti virus programs out there. Windows Defender kicks ass.