Slashdot Mirror


Microsoft Opens Vulnerability Bounty Program For Spartan Browser

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.

53 comments

  1. Sad news.. Internet Explorer dead at 19 by Anonymous Coward · · Score: 0

    I just heard some sad news on talk radio - Standards defiant / patchworked internet web browser Internet Explorer was found shot dead in its Redmond, WA home this morning. There weren't any more details, and no signs of forced entry. I'm sure everyone in the Slashdot community will miss this web browser- even if you didn't enjoy its cluttered UI or various security holes, there's no denying its contributions to popular culture. Truly an American icon.

    1. Re:Sad news.. Internet Explorer dead at 19 by deviated_prevert · · Score: 1

      Turns out it is not dead it will rise from the grave and go for brains. The Spartan will have to fight it to the death, seeing that Spartan has no brain to go after, it might just win because you cannot uninstall it either once you cross the line and use a brain dead browser with no home button by default that just keeps popping up all over the place in ten billion window panes that you need to swat at to close or go crazy with the single back button to use!

      Bugs shmugs it will work fine for touch screens but on the workplace desktop it will suck! Got news for you Internut Exploiter is still there it is just hidden in preview 10061. The truth is Internet Explorer on 10 is very good indeed and is just a more advanced windowing gui using the same core system dlls. Spartan is a mish mashup of explorer with voice command interpretation capabilities. So any bug that affects the core html/xml etc rendering dlls will affect either browser.

      They would shoot themselves in both feet at the same time if they drop IE completely for the final release because Spartan is very much designed for touch screens not advanced use by keyboard and mouse. Spartan will work fine for some things on the desktop but it will be a steep learning curve for the work place users so IE will still reign supreme in places like Government Offices, Banks and the like where it is a religion and the users are zombies who cannot cope with any change!

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    2. Re:Sad news.. Internet Explorer dead at 19 by Hognoxious · · Score: 1

      Was it eaten by wolves?

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. What? by ArcadeMan · · Score: 1

    ...the default application of Windows 10 for surfing the information highway.

    The "information highway"? WTF is this, 1995?

    1. Re:What? by Anonymous Coward · · Score: 0

      ...the default application of Windows 10 for surfing the information highway.

      The "information highway"? WTF is this, 1995?

      Whatever, they didn't throw a "cyber" in there, so I'm happy with it.

    2. Re:What? by jones_supa · · Score: 2

      I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

    3. Re:What? by deviated_prevert · · Score: 1

      I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

      Hey Microsoft did('nt) fix the start menu OH NOES I AM HAVING AN ACID FLASH BACK VIDEO which is the default player you can still turn off flash in Spartan if you don't want to have Windows 10. There give me the money I fixed a security hole in Spartan for you!

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    4. Re:What? by Jane+Q.+Public · · Score: 1

      The "information highway"? WTF is this, 1995?

      No... more like 480 BC. It seems reasonable to think that "Spartan" refers to "Sparta" which in turn implies (with deference to Slashdot's notably horrible character handling): "Molon labe"... which would mean in this context: "Come and get it." The reply to Xerxes when he demanded they lay down their weapons was "come and get them".

      The historical reference hit me right away, and if Microsoft didn't really intend it, they screwed up bigtime. Because the name of their browser is historically a challenge to "try to go through me". So...

      Let's go try it. I kind of doubt if seriously attacked it would stand as they did.

    5. Re:What? by Anonymous Coward · · Score: 0

      I kind of doubt if Jane would stand if she seriously attacked a paper bag.

    6. Re:What? by ITRambo · · Score: 1

      Yeah, it's the information superhighway now. 20 years later it's all grown up.

    7. Re:What? by Opportunist · · Score: 1

      Hey, 1995 Spartan would have been an awesome cutting-edge browser!

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  3. I have a bug by slashmydots · · Score: 2

    "All your new crap is named after Halo and Minecraft so nobody will respect it."
    Is that considered a bug?

    1. Re:I have a bug by Kagetsuki · · Score: 1

      MS is deploying agents to give you a Mountain Dew enema and throw Doritos dust in your face until you repent, blasphemer!

    2. Re:I have a bug by jo_ham · · Score: 0

      "All your new crap is named after Halo and Minecraft so nobody will respect it."

      Is that considered a bug?

      "Bug closed: Issue only affects small portion of user base with mental age = 12"

    3. Re:I have a bug by slashmydots · · Score: 1

      And they'll charge monthly for it

  4. I'm feeling sensitive, people by Anonymous Coward · · Score: 0

    Internet Explorer fills me with anxiety. Show me some jazz hands, you bastards.

  5. Sure, I'd love to help. by o_ferguson · · Score: 4, Interesting

    Just send me the source code.

    --
    - In Soviet Korea, only old people loose all their bases to Natalie Portman's petrified hot grits overlords.
    1. Re:Sure, I'd love to help. by Anonymous Coward · · Score: 0

      I can't help wondering if Microsoft did this Spartan project in response to Mozilla's Servo project, which would greatly appreciate your help :)

    2. Re: Sure, I'd love to help. by Anonymous Coward · · Score: 0

      Looks like a copy of Chrome, right down to the missing protocol in the omnibox err url bar ahh whatever it is called in this fork.

      I wonder if they will copy the Chrome url copy/paste bugs too.

  6. Legacy code is going to be an issue by deviated_prevert · · Score: 1

    I am running the preview and here is what is going on currently;

    Right now many drivers that rely upon things like AMD Catalyst are causing issues. The reason is legacy code that is being dropped or at best slow to update. For instance the ATI Mobility Radeon X1400 video card is causing serious issues. Spartan is essentially a browser that is windows explorer so it is just a system integration experience like Chrome OS so anything that calls for legacy driver code for high definition net streaming is problematic system wide.

    If AMD does not update some very common radeon drivers for Windows 10 or if the legacy drivers that worked in Win7 cannot be successfully used in Windows 10 then there is going to be a butt tonne of CHEAP great laptops available for us Linux users to scoop up for peanuts! This means either a pile of laptops from 2010-2011 will all be boat anchors or users will just ignore Win10. Tweet #cheap_linux_gear_2016 LOL. Naw Microsoft wouldn't do that would they?

    --
    This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
    1. Re: Legacy code is going to be an issue by Anonymous Coward · · Score: 0

      Windows8 caused a lot of laptop lines to be flogged off cheaply. No buyers equals lower prices. Even today staff still tell people up front that they can't sell Windows 7.

      If W10 is anything like W7 we can expect cheap computers for the next decade.

  7. Alternatives? by johannesg · · Score: 3, Interesting

    How much is the Russian mafia or the Chinese government offering? Before we make any decisions on what the best economic choice is we should be aware of all the alternatives...

    1. Re: Alternatives? by Anonymous Coward · · Score: 0

      You mean how much is the U.S. military (NSA being just one actor of many) spending for this?

      I'll tell you: dozens of billions. It is not even a secret. Just listen carefully to their speeches.

  8. Making Internet Explorer more secure? by DougPaulson · · Score: 1

    How is allowing the Browser low level access to the OS through ActiveX calls and making HTML the default format for help files making Internet Explorer more secure? Microsoft the company that made browsing the WEB dangerous ...

  9. Re: Security issue 2 by Anonymous Coward · · Score: 0

    I don't want a girl you fuck wit, i'm a gay homo i like being banged by men.

  10. Re: Security issue 2 by Hognoxious · · Score: 1

    Wild guess, you don't use Windows or Linux?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  11. Wonder how Spartan will do? by Anonymous Coward · · Score: 0

    You know the most exciting thing about Windows 10 is Spartan. Everything else is just Windows and except for being a refresh again of Windows 8. I am not looking forward to Windows 10 except for Spartan. Early feedbacks tells a story of a browser that is really focused on the here and now. I give Microsoft praise for finally dumping IE for something truly new. I hope it's not going to end up riddled with bad code and poorly implemented security. I would think not, given Microsoft's better commitment to security. Although I have been disappointed on how Microsoft of late has pretty dropped the ball on its Security Essentials and Defender products. Will Microsoft throw Spartan out there and forget about it? Or can Microsoft innovate consistently or even gain back any browser users lost to other browsers? I know myself I am fed up with Internet Explorer and anything has to be better.

    1. Re:Wonder how Spartan will do? by deviated_prevert · · Score: 1

      You know the most exciting thing about Windows 10 is Spartan. Everything else is just Windows and except for being a refresh again of Windows 8. I am not looking forward to Windows 10 except for Spartan. Early feedbacks tells a story of a browser that is really focused on the here and now. I give Microsoft praise for finally dumping IE for something truly new. I hope it's not going to end up riddled with bad code and poorly implemented security. I would think not, given Microsoft's better commitment to security. Although I have been disappointed on how Microsoft of late has pretty dropped the ball on its Security Essentials and Defender products. Will Microsoft throw Spartan out there and forget about it? Or can Microsoft innovate consistently or even gain back any browser users lost to other browsers? I know myself I am fed up with Internet Explorer and anything has to be better.

      Spartan will be good for those who are visually impaired. It is designed for voice command. I am thinking of attaching a mic and seeing if I can have some fun with it. But as far as a work desktop interface goes, I do not think that in places like banks, doctors offices and all the other places where professionals use IE and Chrome and things like Citrix every day for real world work you will see them sitting at their desks talking to Spartan and as a file explorer to get their serious work done. The keyboard is not going away any time soon, neither is the mouse because touch screen typing is for finger painters not serious work and that is why many major banks are still USING XP it was still the cheapest and best terminal OS.

      Microsoft would shoot themselves in the foot miss and kill themselves if they completely if they do not support mouse and keyboard with Windows 10 and do it really well as a workplace terminal replacement for XP and 7. We will see if they manage to support enough old gear and pull it off. But with this OS I can tell you that 2 gig of ram is now almost impossible and is worse than 7 starter edition so all the 1 gig and 2 gig XP and 7 desktops will have to be dumped. Either they develop it to run on limited resources or they are going be in for a world of hurt next year when they try to peddle it to their real core fan base which is business and governments.

      --
      This message was not sent from an iPhone because Peter Sellers really was a deviated prevert without a dime for the call
  12. Re: Security issue 2 by Opportunist · · Score: 2

    So do I. Without MS, I'd probably be out of a job.

    Seriously, people. MS is a lifesaver for me. And everyone else in IT security.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. mow by Anonymous Coward · · Score: 0

    Great http://sikartun.com

  14. 1.5-15k? For real? by Opportunist · · Score: 4, Interesting

    Do you have a FAINT idea what a 0day, remote code execution bug in IE sells for?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:1.5-15k? For real? by Anonymous Coward · · Score: 0

      Microsoft retains sole discretion in determining which submissions are qualified. Microsoft retains sole discretion in determining which submissions are qualified.

    2. Re:1.5-15k? For real? by dreamchaser · · Score: 1

      *Whoosh*

      Opportunist is referring to the fact that bad guys will pay many times more than that for a 0 day remote execution bug.

  15. Good by Anonymous Coward · · Score: 0
    1. Re: Good by Anonymous Coward · · Score: 0

      A goatse style link on slashdot. How original.

  16. BS time by ruir · · Score: 1

    So Microsoft believes a shitty product will get better acceptance by the consumer changing the skin and the name. Interesting.

    1. Re:BS time by Njorthbiatr · · Score: 1

      IE and Spartan have different engines. It's an entirely rebuilt browser.

      Maybe you should do your research before you start talking shit.

    2. Re:BS time by jones_supa · · Score: 1

      Not entirely rebuilt. Spartan's engine is EdgeHTML which is a fork of Trident that is used in IE.

    3. Re:BS time by ruir · · Score: 1

      A "fork" is some project picked up by others.

    4. Re:BS time by jones_supa · · Score: 1

      I don't see why a project couldn't be forked internally in a company as well, and possibly even be maintained by the same team.

    5. Re:BS time by ruir · · Score: 2

      Me neither, but that just validates my initial point they are just changing the name of a very hated project, and throwing to our ears the usual crap. https://www.youtube.com/watch?...

  17. Re: Security issue 2 by Anonymous Coward · · Score: 0

    I hear they put male castration chemicals in the drinking water supply in Redmond, so that evilness does not reproduce.

  18. Re: Security issue 2 by Hognoxious · · Score: 1

    If you go back to white it never feels tight.

    Umm, so I heard.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  19. Re:firs tpost by Anonymous Coward · · Score: 0

    actually what that prize money gets you is a whole gang descending on you, your family and relatives, who finally found a talent, and you will be coerced into spend the rest of your life toiling away in their underground slave caverns writing code getting whipped by slavedrivers to row row row the boat faster, and you better do it if you care about the welfare of your kids and near and distant family members, or even your own life.. my answer to them though would be that in the Land of the Free and the Home of the Brave gimme liberty or gimme death, motherfuckers, and you don't run me and I'm not your fucking slave, slavery was banned with Lincoln and his generals winning the civil war (lucky for Lincoln he had good generals) and i don't care if you kill me or any of my relatives but principles of not negotiating with intellectual property slavery terrorists like the Microsoft gang come first, because once you do it then you always have to do it til the end of time. they can't get enough H1B visas for imported brainpower looking for talent along the lines of the DEC team they hired over in the 90's, and they can't find it, so now they want to use this bait method of giving people bounties.. motherfuckers!

    ~sillybilly

  20. Re:firs tpost by eric_harris_76 · · Score: 1

    Or you could learn how to say "No". Your call.

    --
    There's no time like the present. Well, the past used to be.