MSRC

2006

Recent exploits regarding the Internet Explorer HTML handling vulnerability.

Friday, March 24, 2006

Hi everyone, Stepto here. Today the MSRC became aware of public reports of attacks on some PC users utilizing the vulnerability that Lennart posted about in Internet Explorer. Here’s what we know. The attacks are limited in scope for now and are being carried out by malicious Web sites exploiting a vulnerability in the method by which Internet Explorer handles HTML rendering.

New publicly disclosed vulnerability in Internet Explorer

Wednesday, March 22, 2006

Hi, It’s Lennart again. Wanted to let you know that today we saw another public posting around a vulnerability in Internet Explorer. This one is different than the crash bug I wrote about earlier. The public posting speaks about createTextRange() and a way that this could be utilized to get code to run when visiting a specially crafted Web page.

Where can you learn more?

Tuesday, March 21, 2006

The BlueHat team has been getting a lot of questions from both inside and outside of Microsoft asking if we are going to publicly post video or audio recordings of the BlueHat presentations, or if we are going to hoard the BlueHatty goodness and keep the presentation details all to ourselves… A totally valid question since all of our BlueHat presentations from 2005 and 2006 are fantastic and things any developer or IT Pro could benefit from seeing.

Publicly disclosed vulnerability in Internet Explorer

Monday, March 20, 2006

Hi everyone, Lennart Wistrand here. You may have heard about an IE crashing vulnerability that was unfortunately publicly posted before the weekend. We just wanted to make a quick note here that, as always, we’re investigating it. So far we’ve determined that visiting a page that exploits it could cause IE to fail.

David Litchfield’s BlueHat talk

Friday, March 17, 2006

Brad Sarsfield here again. I’d like to share with you my thoughts on David Litchfield’s BlueHatv3 talk. David Litchfield is the Chief Research Scientist at Next Generation Security Software (NGS) and spoke to a 600+ standing room only crowd at Bluehat 3 on March 9th. David took us through his thoughts on the current state of the database security world and talked about his current areas and focus of his research.

Exploiting Web Applications

Friday, March 17, 2006

Over the next few days we’ll all be writing about the BlueHat sessions… Today I’m excited to have a chance to tell you more about the Exploiting Web Applications presentation made by Caleb Sima, CTO and co-founder of SPI Dynamics at BlueHat 3 on March 9th. (Listen to a podcast interview with Caleb here.

Podcasts are online!

Friday, March 17, 2006

Caleb Sima: Exploiting Web Applications
Halvar Flake: BinDiff Analysis
HD Moore: How not to deploy ASP.Net applications & Metasploit
Alexander Kornbrust: Database Viruses & Rootkits

Enjoy, Brad Sarsfield

BlueHat Blog quoted in press

Thursday, March 16, 2006

The BlueHat blog has been up less than 24 hours, and it was quoted this morning in an article by Robert McMillan on InfoWorld. That article has already hit /. Some of the comments are pretty funny… I can’t wait for the speaker podcasts and channel9 video to go live so people can hear directly from the BlueHat speakers!

Bluehat v3 first thoughts

Thursday, March 16, 2006

Hi, I’m Brad Sarsfield (bradsa!); I’m the SQL guy here. One of the interesting things about me and my team is that I own the ‘slammer’ component in SQL Server, so by that very nature quite a large part of my job description is to ensure (and I quote) “that never … ever … happens again”.

Welcome to the BlueHat blog site!

Wednesday, March 15, 2006

BlueHat 3 just completed last week, and all I can say is WOW. Great speakers. Great presentations. Packed audience. You can read the session abstracts and speaker bios here to see what I’m talking about. OH! I should introduce myself. Where are my manners? I’m Kymberlee Price, a Security Program Manager at Microsoft.