One Month Analysis: Exploitability Index

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns Hey folks – We’ve just released the November Security Bulletins and that also marks the one-month point after the release of the initial…

Observations from the EcoStrat-isphere

Handle: Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change – the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos As part of the quest to help “secure the planet”, our team travels over this planet a lot, and…

MS08-067: Example of Need for Increased Collaboration

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run You’ve probably heard that we released an out-of-band Security Bulletin for a vulnerability in Windows (MS08-067). By now you…

Black Hat Follow Up: Answering the Hard Questions

Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns It’s October! And for those who remember Black Hat 2008 in Las Vegas, this means the programs we announced have launched. These programs…

BlueHat Special, Aisle 8…

Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappuccinos! Hopefully by now you’ve seen the lead in to BlueHat v8 blog post, the official announcement post, and perused the spiffy, revamped BlueHat page. I’m truly amazed to see how the…

What is SCPcert?

Handle: Zot IRL: Zot O’Connor Rank: Program Manager 2 Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon Dislikes: Poor reporting, FUD, miscreants, dangling participles Well it’s been a busy week at GOVCERT.NL Symposium 2008. I thank the wonderful people at GovCERT.nl for creating an amazing event. I ate many Dutch delicacies,…

Why CERTs are Important to the MSRC

Handle: Zot IRL: Zot O’Connor Rank: Program Manager 2 Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon Dislikes: Poor reporting, FUD, miscreants, dangling participles As I am traveling in Europe, about to attend the GOVCERT.NL Symposium 2008, I wanted to explain how we work with Guidance Providers (CERTs and similar groups)…

The Valley Between Black & Blue

Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappuccinos! I affectionately call this time between summer conferences, the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference…

Leaving Las Vegas: A Black Hat Salute

Handle: The Crushman IRL: Andrew Cushman Rank: Security Director Likes: Cranberry juice (thanks Jay!) Dislikes: Super helpful hotel desk clerks (thanks Raoul?) What can I say? Once again, Black Hat did not disappoint. And that’s not just post-party speak. The conversations were good, the input was invaluable, and the support for the new programs we launched—well,…

Threats in a Blender, and Other Raisons d’être

Handle: k8e IRL: Katie Moussouris Rank: Senior Security Program Manager Likes: Cool vulns (responsibly disclosed of course), girls with soldering irons, Spanish tapas, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice There are times when one must look toward the best interests of the customers above any competitive strategies. Security is one of those themes that has the…