Podcasts and Peppermints

BlueHat v6 has wrapped and all the researchers have gone home – or have they?    Around here, the buzz sparked by our guests and in-house BlueHat speakers is very much still humming.  The side-meetings between researchers and Microsoft teams that I first blogged about during my first month here are continuing to be a…

0

Vista and Vigilance

Halvar Flake, Sabre Security    I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writers block today, caused by being tired, jetlagged, and…

11

The new security disclosure landscape

Rain Forest Puppy (rfp@wiretrip.net)   Security disclosure has always been a contested topic, pitting “those that find the bugs” against “those that are responsible for the bugs.”  In the days before security disclosure became a formal topic, those people who gave credence to some sort of moral compass often sought to follow a “gentleman’s code”…

2

BlueHat, Day 2: Morning of Mobile, Afternoon of Cool Tools

Hello world!  Katie Moussouris here at BlueHat.  Yesterday’s talks certainly set the bar high.  We saw topics range from Mark Russinovich’s clarification of security boundaries to Halvar Flake’s automated malware classification to Roberto Preatoni’s discussion of his exploit marketplace project, better known as WabiSabiLabi.   I spent the day recording audio podcasts with each of…

1

Microsoft, Mobile, and Security

Ollie WhitehouseArchitect, Advanced Threat Research, Symantec  Corporation   So if you had told me that one day I would be invited to Microsoft to talk about a subject I’ve now been involved in researching on and off for over six years and something I must say that has burned in my belly with passion for…

2

BlueHat: Malware, Isolation and Security Boundaries: It’s Harder than it Looks

Mark Russinovich here from BlueHat. This is the first time that Microsoft has used internal speakers at its BlueHat security conference and I’m excited to be one of them. When I was approached with the invitation to present a session, I immediately thought of all the fun topics I’d like to talk about. For example,…

0

Pay no attention to that vuln behind the curtain

Adam Shostack here, guest blogging for the BlueHat blog. As you may have seen from Andrew Cushman’s post, the theme of this BlueHat is “The Vuln Behind the Curtain.”   I really like this theme, because it’s part of a maturing in the way we’re dealing with security issues.  I’m not going to claim Microsoft is perfect,…

0

Announcing: BlueHat v6!

Andrew Cushman here. BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security. The BlueHat speakers, both leading external security researchers and internal Microsoft engineers, will pierce the security…

2

BlueHat: Community Outreach

Katie Moussouris here.  I’m the newest Security Strategist here at Microsoft.  I was brought in by Sarah Blankinship to contribute to the work of the MSRC Security Community Outreach Team.  I work in the group that is responsible for securing current and future Microsoft products.  My background is application security, having come from Symantec by…


BlueHat: An MSRC Perspective

Hello everyone, This is Christopher Budd. As Andrew noted in his posting yesterday, on Thursday we had our Spring 2007 BlueHat Security Briefings. I had a chance to attend, along with several of my colleagues from the MSRC and Sarah was kind enough to let me do a guest post to share some thoughts on…