Microsoft Opens Vulnerability Bounty Program For Spartan Browser

jones_supa writes: As it did in the past when it tried to make Internet Explorer more secure, Microsoft has launched a new bug bounty program for Spartan browser, the default application of Windows 10 for surfing the information highway. A typical remote code execution flaw can bring between $1,500 and $15,000, and for the top payment you also need to provide a functioning exploit. The company says that it could pay even more than that, if you convince the jury on the entry quality and complexity. Sandbox escape vulnerabilities with Enhanced Protected Mode enabled, important or higher severity vulnerabilities in Spartan or its engine, and ASLR info disclosure vulnerabilities are also eligible. If you want to accept the challenge, Microsoft provides more information on how to participate.

What?

[ArcadeMan]

...the default application of Windows 10 for surfing the information highway.

The "information highway"? WTF is this, 1995?

Re:What?

[jones_supa]

I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

Re:What?

[deviated_prevert]

I threw that intentionally there to give the summary some 1995 feeling. Hehheh.

Hey Microsoft did('nt) fix the start menu OH NOES I AM HAVING AN ACID FLASH BACK VIDEO which is the default player you can still turn off flash in Sparton if you don't want to have Windows 10. There give me the money I fixed a security hole in Sparton for you!

Re:What?

[Jane+Q.+Public]

The "information highway"? WTF is this, 1995?

No... more like 480 BC. It seems reasonable to think that "Spartan" refers to "Sparta" which in turn implies (with deference to Slashdot's notably horrible character handling): "Molon labe"... which would mean in this context: "Come and get it." The reply to Xerces when he demanded they lay down their weapons was "come and get them".

The historical reference hit me right away, and if Microsoft didn't really intend it, they screwed up bigtime. Because the name of their browser is historically a challenge to "try to go through me". So...

Let's go try it. I kind of doubt if seriously attacked it would stand as they did.

Re:What?

[ITRambo]

Yeah, it's the information superhighway now. 20 years later it's all grown up.

Re:What?

[Opportunist]

Hey, 1995 Spartan would have been an awesome cutting-edge browser!

I have a bug

[slashmydots]

"All your new crap is named after Halo and Minecraft so nobody will respect it."
Is that considered a bug?

Re:I have a bug

[Kagetsuki]

MS is deploying agents to give you a Mountain Dew enema and throw Doritos dust in your face until you repent, blasphemer!

Re:I have a bug

[slashmydots]

And they'll charge monthly for it

Re:Sad news.. Internet Explorer dead at 19

[ArcadeMan]

http://i.imgur.com/oXafhtY.png
http://techsalsa.com/wp-conten...

Sure, I'd love to help.

[o_ferguson]

Just send me the source code.

Legacy code is going to be an issue

[deviated_prevert]

I am running the preview and here is what is going on currently;

Right now many drivers that rely upon things like AMD Catalyst are causing issues. The reason is legacy code that is being dropped or at best slow to update. For instance the ATI Mobility Radeon X1400 video card is causing serious issues. Sparton is essentially a browser that is windows explorer so it is just a system integration experience like Chrome OS so anything the calls for legacy driver code for high definition net streaming is problematic system wide.

If AMD does not update some very common radeon drivers for Windows 10 or if the legacy drivers that worked in Win7 cannot be successfully used in Windows 10 then there is going to be a butt tonne of CHEAP great laptops available for us Linux users to scoop up for peanuts! This means either a pile of laptops from 2010-2011 will all be boat anchors or users will just ignore Win10. Tweet #cheap_linux_gear_2016 LOL. Naw Microsoft wouldn't do that would they?

Alternatives?

[johannesg]

How much is the Russian maffia or the Chinese government offering? Before we make any decisions on what the best economic choice is we should be aware of all the alternatives...

Re:Sad news.. Internet Explorer dead at 19

[deviated_prevert]

Turns out it is not dead it will rise from the grave and go for brains. The Sparton will have to fight it to the death, seeing that Sparton has no brain to go after, it might just win because you cannot uninstall it either once you cross the line and use a brain dead browser with no home button by default that just keeps popping up all over the place in ten billion window panes that you need to swat at to close or go crazy with the single back button to use!

Bugs shmugs it will work fine for touch screens but on the workplace desktop it will suck! Got news for you Internut Exploiter is still there it is just hidden in preview 10061. The truth is Internet Explorer on 10 is very good indeed and is just a more advanced windowing gui using the same core system dlls. Sparton is a mish mashup of explorer with voice command interpretation capabilities. So any bug that effects the core html/xml etc rendering dlls will effect either browser.

They would shoot themselves in both feet at the same time if they drop IE completely for the final release because Sparton is very much designed for touch screens not advanced use by keyboard and mouse. Sparton will work fine for some things on the desktop but it will be a steep learning curve for the work place users so IE will still reign supreme in places like Government Offices, Banks and the like where it is a religion and the users are zombies who cannot cope with any change!

Making Internet Explorer more secure?

[DougPaulson]

How is allowing the Browser low level access to the OS through ActiveX calls and making HTML the default format for help files making Internet Explorer more secure? Microsoft the company that made browsing the WEB dangerous ...

Re: Security issue 2

[Hognoxious]

Wild guess, you don't use Windows or Linux?

Re:Sad news.. Internet Explorer dead at 19

[Hognoxious]

Was it eaten by wolves?

Re: Security issue 2

[Opportunist]

So do I. Without MS, I'd probably be out of a job.

Seriously, people. MS is a lifesaver for me. And everyone else in IT security.

1.5-15k? For real?

[Opportunist]

Do you have a FAINT idea what a 0day, remote code execution bug in IE sells for?

Re:1.5-15k? For real?

[dreamchaser]

*Whoosh*

Opportunist is referring to the fact that bad guys will pay many times more than that for a 0 day remote execution bug.

BS time

[ruir]

So Microsoft believes a shitty product will get better acceptance by the consumer changing the skin and the name. Interesting.

Re:BS time

[Njorthbiatr]

IE and Spartan have different engines. It's an entirely rebuilt browser.

Maybe you should do your research before you start talking shit.

Re:BS time

[jones_supa]

Not entirely rebuilt. Spartan's engine is EdgeHTML which is a fork of Trident that is used in IE.

Re:BS time

[ruir]

A "fork" is some project picked up by others.

Re:BS time

[jones_supa]

I don't see why a project couldn't be forked internally in a company as well, and possibly even be maintained by the same team.

Re:BS time

[ruir]

Me neither, but that just validates my initial point they are just changing the name of a very hated project, and throwing to our ears the usual crap. https://www.youtube.com/watch?...

Re:Wonder how Spartan will do?

[deviated_prevert]

You know the most exciting thing about Windows 10 is Spartan. Everything else is just Windows and except for being a re fresh again of Windows 8. I am not
looking forward to Windows 10 except for Spartan. Early feedbacks tells a story of a browser that is really focused on the here and now. I give Microsoft praise
for finally dumping IE for something truly new. I hope its not going to end up riddled with bad code and poorly implemented security. I would think not, given Microsoft's better commitment to security. Although I have been disappointed on how Microsoft of late has pretty dropped the ball on its Security Essentials and Defender products. Will Microsoft throw Spartan out there and forget about it? Or can Microsoft innovate consistently or even gain back any browser users lost to other browsers? I know myself I am fed up with Internet Explorer and anything has to be better.

Sparton will be good for those who are visually impaired. It is designed for voice command. I am thinking of attaching a mic and seeing if I can have some fun with it. But as far as a work desktop interface goes, I do not think that in places like banks, doctors offices and all the other places where professionals use IE and Chrome and things like Citrix every day for real world work you will see them sitting at their desks talking to Sparton and as a file explorer to get their serious work done. The keyboard is not going away any time soon, neither is the mouse because touch screen typing is for finger painters not serious work and that is why many major banks are still USING XP it was still the cheapest and best terminal OS.

Microsoft would shoot themselves in the foot miss and kill themselves if they completely if they do not support mouse and keyboard with Windows 10 and do it really well as a workplace terminal replacement for XP and 7. We will see if they manage to support enough old gear and pull it off. But with this OS I can tell you that 2 gig of ram is now almost impossible and is worse than 7 starter edition so all the 1 gig and 2 gig XP and 7 desktops will have to be dumped. Either they develop it to run on limited resources or they are going be in for a world of hurt next year when they try to peddle it to their real core fan base which is business and governments.

Re: Security issue 2

[Hognoxious]

If you go back to white it never feels tight.

Umm, so I heard.

Re:firs tpost

[eric_harris_76]

Or you could learn how to say "No". Your call.