BlueHat v13 is Coming

This week, starting Thursday, we’ll be hosting our 13th edition of BlueHat. I’m always so impressed with the level of knowledge we attract to each BlueHat, and while the event is invite-only, we’ll be sharing glimpses into the event via this blog and the hashtag #BlueHat.

For each of the past six years I have had the honor to work among some of the most talented engineers I have ever met, here at Microsoft. I am inspired by the mission we embrace in securing our products, devices, and services. There are few other vantage points with as broad a footprint on the internet, since one of Microsoft’s early mottos helped put “a computer in every home.” Our job in the Microsoft Security Response Center (MSRC) is to help protect the customers who use the technology that the rest of the company works so hard to create. In everything we do in the MSRC, we strive to fulfill our mission to help insure the security and privacy of over a billion computer systems and our customers worldwide.

In 2005, we started the BlueHat conference to educate the developers and executives of Microsoft about current and emerging threats. The idea was to bring the hackers and security researchers to us, and in doing so foster an environment where the bidirectional exchange of ideas around the balance between security and functionality could meet fertile ground in the famed “hallway track.” We hand-pick just a small number of speakers and external attendees to concentrate on learning from them in most cases, and the chance to teach some of them from what we have learned, to help enhance the security and privacy of the Internet as a whole.

This year is no different in that we have invited speakers chosen to educate, amaze, and work with Microsoft to help us understand the emerging security threats to us and our customers. Together, we will rise to face the most important challenges in helping to secure the global Internet ecosystem.

Beginning on Dec 12, 2013, we’ll begin this year’s BlueHat by focusing on the threat landscape, learning about determined adversaries to help us defend our own network and assets, and tools to detect and mitigate attacks. Next we’ll welcome some of the world’s top experts to discuss devices and services, from low-level hardware to web services, to help us build products, devices, and services that are more secure from the ground up.

Finally, we’ll close out the conference with a thought-provoking track that I like to call the “Persistence of Trust,” where we will discuss the core elements that comprise the trust we rely on to support what the Internet has become – a global information sharing network that humanity uses to exchange goods, services, money, and most importantly, ideas. To support these functions, we must strengthen the technology that underlies and supports that trust, and we must design products, devices, and services that are resistant to security and privacy breaches. 

Here’s a quick overview of the planned speaker lineup for the two days of BlueHat v13.

Day 1: Thursday, December 12

Microsoft Technical Fellow, Anders Vinberg, will open BlueHat’s first track, Threat Landscape. Anders will talk about a broad assurance initiative for the next wave, covering Windows Server and System Center, in close alignment with the Core OS team, identity, Office and Azure. Next, we’ll set the stage with a talk from FireEye’s Zheng Bu and YiChong Lin designed to walk us through the techniques of the average and not so average targeted attacker, and show us ways to detect and combat the adversary. Microsoft Partner Development Manager, Mario Goertzel, will then speak to some of the hard problems that we face in antimalware – specifically, how we equip customers and partners with the right tools and analysis to help us all defend our networks and assets. Closing out the Threat Landscape track, Microsoft Principal Security Program Manager Lead, Graham Calladine, and Microsoft Senior Security Software Development Engineer, Thomas Garnier, will walk us through what attackers are doing now, how our current products and practices work against us, and how we can change this.

After lunch, the Devices & Services track kicks off with Josh Thomas, whose DARPA-funded research will reveal some hardware-level universal attacks that are possible on mobile devices. Next up we will have Microsoft’s first Mitigation Bypass Bounty recipient, James Forshaw talk about executing unsigned code on the Surface RT, without jailbreaking it. Next, Microsoft Principal Software Development Engineer, Lee Holmes, will talk with us about PowerShell. Chris Tarnovsky will then discuss Semiconductor devices and their backward steps in physical security through higher common criteria ratings. Next up, we’ll hear from Microsoft Partner Development Manager, Chris Kaler, and Microsoft Senior Program Manager, Serge Mera, about the latest in Message Analyzer. Mario Heiderich will then take us into the wilds of JavaScript MVC and templating frameworks. The afternoon will wrap up with a call to action from our own Russ McRee, followed by several lightning talks.

Day 2: Friday, December 13

Taking into consideration the inevitable socializing from the night before, we’re giving our attendees a slow morning. Between 9:00 AM and 12:00 noon we’ll have a recovery brunch with mimosas, lightning talks, and the famed hallway track. I’ll be the Day 2 keynote opening the track Persistence of Trust, at 12:30 noon. My talk will focus on security strategy at Microsoft, what we’re doing in terms of our defensive industry partner programs like MAPP, and of course, I’ll provide an update on our strategic Bounty programs. I’ll then handoff to Justin Troutman, who will talk about Mackerel, a cryptographic design and development framework based on the premise that real-world cryptography is not about cryptography at all; it’s about products. Peter Gutmann, famed researcher with the University of Auckland, New Zealand, will take the stage and illuminate the psychology of computer insecurity. After a short break, Alex Stamos, CTO of Artemis Internet, and Tom Ritter, Principal Security Engineer with iSEC Partners, will awaken us with tales life after elliptic curve crypto’s coming extinction. From Bromium Labs we’ll hear from Rahul Kashyap and Rafal Wojtczuk, who will discuss and demonstrate how to reliably break out of various popular sandboxes. Finally, closing BlueHat v13, renowned security and privacy expert and advocate of human rights, Morgan Marquis-Boire will explore what I call the elephant in the room, as he discusses the surveillance landscape and coercion resistant design.

As chair of the BlueHat content board, I would be remiss in my duty to the mission of BlueHat if I ignored the revelations of the summer of 2013, and the concerns about government surveillance of the internet. Hence, we will be continuing our internal dialog with a conversation with Morgan and others in attendance on how to design products, devices, and services that are more resistant to abuse and surveillance.  For us, and for over a billion of our customers worldwide, this issue transcends borders and politics. We are a global company and part of a global community, and as such we will continue to work with our customers, partners, and even our competitors to ensure a safer, more trustworthy Internet for all.

From the age of the great worms, to the evolution of more sophisticated and targeted attacks, to the era where modern warfare takes place on not only the information superhighway, but also on the civilian streets of the Internet, we will serve faithfully in our mission to help protect our customers from security and privacy breaches, no matter the adversary.


BlueHat is coming. Brace yourselves.


Katie Moussouris

Senior Security Strategist

Microsoft Security Response Center

(that’s a zero)