Software Security == People && Process && Technology

Mark Curphey here. I run the Subscriptions Engineering Team in Server & Tools Online, where we build complex customer-facing web sites like MSDN and TechNet, supporting millions of users. For the last 15 years, I have always held security roles, most recently heading up the Information Security Tools team here at Microsoft, where we…

Heya! Hola and Olá!

It was pretty fun sitting in the panel that kicked off the first BlueHat Security Forum in Latin America and we are almost half-way through our day here in Buenos Aires. (Check out Mike Reavey’s EcoStrat Blog post for details about the panel.) It is always great to see old friends from the ecosystem and meet…

Parser Central: Microsoft .NET as a Security Component

During the past decade or so, a significant portion of the computer industry has set out in a quest for secure software. That this sizable force of smart people with all their resources and market power has not yet brought us a secure and safe computing experience should be an indication that this task is…

Do you believe in ghosts?

When I was a kid, I had nightmares every week. I still remember some of them vividly, particularly the ones where ghosts were involved. Not the typical ghosts from the movies, but ones that could not be seen, only heard and felt. Why would I be so frightened and still remember them “vividly” today? Because…

The lighter side of the cloud

Billy Rios here. I’m giving a talk this week along with Nate McFeters entitled, “Sharing the Cloud with Your Enemy.” It’s a fun, realistic talk on security in the cloud. Why cloud computing? Cloud computing, software as a service, infrastructure as a service, platform as a service… with so many different terms and so much…

Babel Hacking

Hello world! Remember Mad Libs? How about Scrabble, when you’d try making up words that sound legit just to be de-bluffed by your friend. Playing these games provides endless hours of fun with words and letters. In software and the Internet, words, letters, and text are everything. Whether you’re up in the cloud, down in…

Collaborating on RIA Security

Microsoft and Adobe frequently work together on security. At this year’s BlueHat, we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we independently place considerable thought and effort into our respective security models, attackers often look for methods in which to combine technologies for an attack….

Can we secure cloud computing? Can we afford not to?

There have been many disruptive innovations in the history of modern computing, each of them in some way impacting how we create, interact with, deliver, and consume information. The platforms and mechanisms used to process, transport, and store our information likewise endure change, some in subtle ways and others profoundly. Cloud computing is one such…

Black Hat USA Spotlight: ATL Killbit Bypass

There are only a few days left before Black Hat USA, and we, like most other speakers, are in the midst of the last-minute push to have all the materials finalized in time for our presentation. Our presentation this year, “The Language of Trust,” features a lot of material related to attacking software interoperability layers,…

Dune Busting and Browser Fun at HITB – Dubai

Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I co-presented: “Cross Domain Leakiness.” Chris Evans is a security lead for Google’s Core Security team. Some…