This week I am staying on the campus in Redmond for internal meetings. By chance, our Bluehat briefings are taking place at the same time, and I had a chance to attend the Executive Day this afternoon. If you want to know more about Bluehat, visit our public website at http://www.microsoft.com/technet/security/bluehat/default.mspx. The goal of these briefings is to bring our people together with white hat security people in the economy.
Today I had certain things explained and shown to me that opened my eyes. I mean, I have been looking into the security economy (above and below the radar) for a long time, and most of the things I saw were not new to me, but today I saw certain successful attacks that I just knew worked but had never seen demoed. It is really impressive to see some of these things live and to see how fast they are.
A few of my conclusions:
- There is excellent technical knowledge out there in the security economy. The people at the briefing are using their knowledge to protect our joint customers. But basically it is clear that the criminal economy has at least the same level of technical understanding as they have – and this is the really scary part.
- The worst thing I think is a conclusion which is valid all over the place: Hacking gets much, much, much, much easier as the tools on the Internet get better and better. Additionally there are “security” companies that make these tools available for free as demos.
- Last but not least, I definitely think that this kind of dialog is extremely important: The meeting and knowledge sharing between the white hat hackers and the software vendors help to get an understanding of how they look at things, how they try to understand our tools (and not only our tools) without having the source code, and how they want to attack the environment.
So, I personally think that events like Bluehat are really excellent (and to stress it again, we do not work with black hats) for both sides. It simply fosters a common understanding.