Berlin: Far more than stellar pizza


Celene Temkin

Program Manager 2 & BlueHat Project Manager

Culinary warfare, BlueHat hackers and responsible disclosure

Acts of hubris, MySpace, orange mocha Frappaccinos!

Goodbye 2008- Hello 2009! Over the past year we, the MSRC EcoStrat team and all-up TwC Security have been a lot of places, seen a lot of people, and picked up a lot of t-shirts J. On the road, we work hard to create more opportunities for technical information exchange in strategic ways. One way is by co-sponsoring security conferences in various geographic hotbeds to support the de-mystification of global threats and security threats through education. Another way is by presenting candid talks and having open conversations in order to create channels for productive information exchange on common threats between the security industry, governments and researchers.

Most recently, members of TwC Security were in Berlin at the 25th Chaos Communication Congress, CCC (25C3). CCC is not a purely security-oriented conference; it touches on topics that are relevant to society in general, i.e., voting, cryptography, ethics, privacy, et cetera, which makes its reach truly unique. Among others, Bruce Dang and Dave Tamasi were joined by Joe Hemmerlein (Netherlands) as Microsoft representatives. From our perspective, many of the attendees of this con seem to be huge fans of Linux/*BSD and open source software in general.

Bruce Dang had the opportunity to present his talk on “Methods for Understanding Targeted Attacks with Office Documents” which was well-received. To hear quotes like: “The crowd loved this guy” and “Bruce Dang’s talk and the conversation afterward was one of the highlights of the Congress for me,“ is exactly the kind of stuff we like to write home and tell Mom about. (Use your favorite search engine to query “Bruce Dang CCC talk” to read more great community feedback about Microsoft at CCC, or visit the MMPC blog for more stories about surprising EU community supporters.)

Several folks approached Bruce post-session and applauded Microsoft’s transparency levels, along with the technical level of his presentation . Sure, there were the standard “What’s it like to work at Microsoft?” inquiries, but most responses were how impressed people where that Microsoft hires people to do this kind of work. Apparently one guy even walked up to Bruce and Dave, completely unsolicited, to say, “you have shattered my perception of Microsoft.” Wow, you can’t buy publicity like that!

Along with the great comments, we also received some promising recommendations for where our attention and support could have even more impact -we’re all ears as we are always looking for ways to foster different communities.

Overall, the Microsoft experience at CCC was quite positive; attendees recommended a stronger Microsoft presence, continuing to speak about security research at a deep technical level. We’ve even been receiving e-mails saying that “we changed the audience’s perception of Microsoft.” Sweet, sweet music to our ears!

At the end of the day it sounds like the pizza in Berlin wasn’t half bad, especially when served with one of the best hacker conferences in the world. We also learned some interesting local facts, for example, about a German “ethics hotline.” Say, for example a researcher at CCC has a question about how ethical it is to hack a website, server, whatever. With the handy ethics hotline, simply dial up and ask! Ich bin ein ethical Berliner!



-Celene Temkin

*Postings are provided “AS IS” with no warranties, and confers no rights.*