BlueHat | Microsoft Security Response Center

BlueHat, Day 2: Morning of Mobile, Afternoon of Cool Tools

Friday, September 28, 2007

Hello world! Katie Moussouris here at BlueHat. Yesterday’s talks certainly set the bar high. We saw topics range from Mark Russinovich’s clarification of security boundaries to Halvar Flake’s automated malware classification to Roberto Preatoni’s discussion of his exploit marketplace project, better known as WabiSabiLabi. I spent the day recording audio podcasts with each of our BlueHat speakers, getting a brief inside look at each fascinating topic – look for these in the near future on the technet website.

The new security disclosure landscape

Friday, September 28, 2007

Rain Forest Puppy ( rfp@wiretrip.net) Security disclosure has always been a contested topic, pitting “those that find the bugs” against “those that are responsible for the bugs.” In the days before security disclosure became a formal topic, those people who gave credence to some sort of moral compass often sought to follow a “gentleman’s code” that typically involved an earnest attempt to disclose the problem to the vendor and give the vendor a chance to fix it.

Vista and Vigilance

Friday, September 28, 2007

Halvar Flake, Sabre Security I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writers block today, caused by being tired, jetlagged, and already halfways on my way to the airport for my flight back.

BlueHat: Malware, Isolation and Security Boundaries: It’s Harder than it Looks

Thursday, September 27, 2007

Mark Russinovich here from BlueHat. This is the first time that Microsoft has used internal speakers at its BlueHat security conference and I’m excited to be one of them. When I was approached with the invitation to present a session, I immediately thought of all the fun topics I’d like to talk about.

Microsoft, Mobile, and Security

Thursday, September 27, 2007

Ollie Whitehouse Architect, Advanced Threat Research, Symantec Corporation So if you had told me that one day I would be invited to Microsoft to talk about a subject I’ve now been involved in researching on and off for over six years and something I must say that has burned in my belly with passion for most for most of it, I would have said ‘unlikely’.

Pay no attention to that vuln behind the curtain

Tuesday, September 25, 2007

Adam Shostack here, guest blogging for the BlueHat blog. As you may have seen from Andrew Cushman’s post, the theme of this BlueHat is “The Vuln Behind the Curtain.” I really like this theme, because it’s part of a maturing in the way we’re dealing with security issues. I’m not going to claim Microsoft is perfect, but we’re doing a pretty good job at pushing downwards the number of vulnerabilities (and updates) our customers need to deal with.

Announcing: BlueHat v6!

Thursday, September 20, 2007

Andrew Cushman here. BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security. The BlueHat speakers, both leading external security researchers and internal Microsoft engineers, will pierce the security veil of virtualization and process isolation.

BlueHat: Community Outreach

Monday, May 14, 2007

Katie Moussouris here. I’m the newest Security Strategist here at Microsoft. I was brought in by Sarah Blankinship to contribute to the work of the MSRC Security Community Outreach Team. I work in the group that is responsible for securing current and future Microsoft products. My background is application security, having come from Symantec by way of the @stake acquisition.

BlueHat: An MSRC Perspective

Friday, May 11, 2007

Hello everyone, This is Christopher Budd. As Andrew noted in his posting yesterday, on Thursday we had our Spring 2007 BlueHat Security Briefings. I had a chance to attend, along with several of my colleagues from the MSRC and Sarah was kind enough to let me do a guest post to share some thoughts on BlueHat from the standpoint of someone involved in security response.

BlueHat v5: The Paradox of Innovation

Thursday, May 10, 2007

BlueHat is Microsoft’s own little hacker con. We host it twice a year – the sessions today were all about innovation in security research. What did we learn? That Microsoft cannot solve the security problem, but we can raise the bar substantially to the point where finding bugs in Microsoft products is hard, and building reliable exploits even harder.