Observations from the EcoStrat-isphere

Handle: Security Blanki
IRL: Sarah Blankinship
Rank: Senior Security Strategist Lead
Likes: Vuln wrangling, teams of rivals, global climate change – the hotter the better
Dislikes: Slack-jawed gawkers (girls are geeks too!), customers @ risk, egos

As part of the quest to help “secure the planet”, our team travels over this planet a lot, and…


MS08-067: Example of Need for Increased Collaboration

Handle: Cap’n Steve
IRL: Steve Adegbite
Rank: Senior Security Program Manager Lead
Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard
Dislikes: Not much but if you hear me growl…run

You’ve probably heard that we released an out-of-band Security Bulletin for a vulnerability in Windows (MS08-067). By now you…


State of the Union

I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I’ve found plenty of things to be excited about with security, including improved…


Black Hat Follow Up: Answering the Hard Questions

Handle: Silver Surfer
IRL: Mike Reavey
Rank: Director, MSRC
Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities
Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns

It’s October! And for those who remember Black Hat 2008 in Las Vegas, this means the programs we announced have launched. These programs…


Concurrency Attacks in Web Applications

Hello, this is Scott Stender and Alex Vidergar from iSEC Partners, and our topic for BlueHat is Concurrency Attacks in Web Applications. Database administrators, computer architects, and operating system designers have spent decades solving the problems that arise from concurrency as they apply to their respective technologies, so this should be old, boring stuff, right? …


BlueHat Special, Aisle 8…

Handle: C-Lizzle
IRL: Celene Temkin
Rank: BlueHat Project Manager
Likes: Culinary warfare, BlueHat hackers and responsible disclosure
Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos!

Hopefully by now you’ve seen the lead in to BlueHat v8 blog post, the official announcement post, and perused the spiffy, revamped BlueHat page. I’m truly amazed to see how the…


Visualizing Software Security

Working to find bugs in the software security industry is much like prospecting for natural resources. An engineer takes a high level view of an unknown piece of territory to determine the lay of the land and narrow down the geography into a few key locations of interest using intuition, experience, and macro-scale information. Next,…
