New story
Riku Tanaka
in
Developer
January 31 19:16

Microsoft offering as much US$20,000 for Xbox Live security flaws

The software giant Microsoft has reported the launch of another whitehack prize program today, centered exclusively on its Xbox Live platform. The company has announced a reward of up to twenty thousand dollars, a prize that will vary based on the seriousness of the security flaw and the detail of the claimant’s report. 
165
0
The software giant Microsoft has reported the launch of another whitehack prize program today, centered exclusively on its Xbox Live platform. The company has announced a reward of up to twenty thousand dollars, a prize that will vary based on the seriousness of the security flaw and the detail of the claimant’s report.

Just like any other whitehack prize event, Microsoft is seeking very detailed and dangerous (to the system) vulnerabilities. If you’ve found a way to inject code into Microsoft's servers, the company will pay you. But if you keep getting booted from a game of Fortnite, just as you’re about to win – that’s not really the kind of “bug” that they’re talking about.
There are also several types of attack types that the company considers categorically unacceptable, such as DDoS   
Microsoft likewise explicitly precludes a couple of sorts of vulnerabilities as out-of-scope, including denial-of-service attacks, or any exploits that involve phishing information from Microsoft workers or Xbox users. Likewise, getting a server to “reveal” rudimentary information like the server name or IP will not get you paid.
Microsoft provides all of the exceptions here
This whitehat hacking event is far from the first of many that Microsoft has held over the years. Some notable events include hacking Microsoft’s Edge program, Office 365 among others. The largest payout that the tech behemoth has offered was the (up to) US$300,000 bounty that was offered to anyone who could find an incredible specific and detailed exploit to the cloud service Azure. An example of such an exploit would be to describe in incredible detail how one could gain administrative access to an Azure Security Lab account. This would be considerable challenging, considering that such accounts are very tightly controlled and monitored.