SOFTWARE HOUSE Microsoft has released a security toolkit that implements some of the code written by the winner of its Bluehat security competition.
Out now and free from Trustworthy Computing is the new version of Microsoft's Enhanced Mitigation Experience Toolkit, or EMET 3.5. EMET now includes defences agains Return Oriented Programming (ROP) attacks that Microsoft says are "inspired by" contest finalist Ivan Fratric.
The competition was launched at the Black Hat security conference in Las Vegas last year and closed in April. So far Microsoft has been coy about announcing who won it. It promises to reveal that on Thursday 26 July, and for now limits the possibilities to Fratric and any other finalist.
A grand prize of $200,000 is reserved for the winner, and $50,000 in a mix of cash and prizes will be split between the other finalists.
In the meantime Microsoft is pretty pleased with itself and its ability to get new and interesting code into EMET in a relatively short time.
"In less than three months, we successfully integrated one of the Bluehat Prize finalists' technologies with EMET 3.5 Technology Preview to help make software significantly more resistant to exploitation," said Mike Reavey, senior director of the Microsoft Security Response Center.
"As the risk of criminal attacks on private and government computer systems continues to increase, we've been able to accomplish our goal with the Bluehat Prize contest, incentivising researchers to invest in defensive research and develop technologies that could be put into play to help make the computing ecosystem safer."
Fratric meanwhile must be on the edge of his seat as the day of the announcement comes closer. Whether he will win $200,000 all to himself or not, he was pressed to say something.
"Developing a prototype is one thing, but having it integrated with an actual product such as EMET 3.5 Tech Preview is something else entirely," he said.
"I'm really excited about my technology finding its way to users and hope that it will help make them more secure against current threats." µ
Apple means business
Attack saw 866 million credentials exposed
'Hundreds' of handsets at risk of SMS theft
Privacy 1 - Facebook 0