Congratulations to Context’s James Forshaw forcoming up with a new exploitation technique to win Microsoft’s first ever$100,000 bounty! James already has hadsuccess with design level bugs he found during the IE11Preview Bug Bounty, and Microsoft are thrilled to announce that hecontinues to improve their platform-wide security by leaps and bounds.
Whilst Microsoft can’t go into the detailsof this new mitigation bypass technique until they address it, they are excitedthat they will be able to use these insights to better protect customers byproactively including defenses against these advanced techniques within futurereleases of their products. This knowledge helps Microsoft to make individualvulnerabilities less useful when attackers try to use them against customers.
Context invests heavily in cutting-edgeresearch within the technical security arena and we are delighted that our teamcontinues to lead the way in terms of developing new and innovative attacks andassessment techniques, thus helping our clients and vendors fix issues beforethey can be abused by attackers.
James will also be speaking at the HITBSecurity Conference in Malaysia on 17th October and at Breakpoint 2013in Australia on the 25th October. Both presentations will discuss indetail “The Forger's Art: Exploiting XML Digital Signature Implementations”.