Monday, September 29, 2008
Another six months has passed – must be time for BlueHat, Microsoft’s internal security conference. This one is shaping up to be an interesting one. The early BlueHats were all about the raw technology – Shok blowing out the memory manager, Brett Moore facepalming over yet another file format vulnerability. But determining vulnerability requires more than just understanding technology.
Monday, September 22, 2008
The Wikipedia page for Natural Language Processing (not the Darren Brown stuff) describes it as “a subfield of artificial intelligence and computational linguistics.” So why am I discussing this on the BlueHat blog? If, like me, you sucked at linguistics in school, you might think that it has no place in IT security.
Friday, September 19, 2008
Handle: Zot IRL: Zot O’Connor Rank: Program Manager 2 Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon Dislikes: Poor reporting, FUD, miscreants, dangling participles Well it’s been a busy week at GOVCERT.NL Symposium 2008. I thank the wonderful people at GovCERT.nl for creating an amazing event.
Tuesday, September 16, 2008
Handle: Zot IRL: Zot O’Connor Rank: Program Manager 2 Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon Dislikes: Poor reporting, FUD, miscreants, dangling participles As I am traveling in Europe, about to attend the GOVCERT.NL Symposium 2008, I wanted to explain how we work with Guidance Providers (CERTs and similar groups) and why we consider them one of the most important segments in the ecosystem.
Monday, September 15, 2008
Andrew Cushman back again. BlueHat v8 is October 15th, 16th and 17th on the Microsoft campus in Redmond. The BlueHat team selected content that’s especially interesting and topical for Microsoft engineers and execs. We start it off with an Exec Day on the 15th – condensed versions of the presentations – still deeply technical – just delivered faster and with fewer graphics and demos.
Friday, September 12, 2008
Register now for the September 2008 Security Bulletin Webcast Security Bulletin Webcast Q&A Index Hosts: Christopher Budd, Security Response Communications Lead Adrian Stone, Lead Security Program Manager (MSRC) Website: TechNet/security Chat Topic: September 2008 Security Bulletin Date: Wednesday, September 9, 2008 Q: Are there any issues between Microsoft and Altiris that is delaying the availability of this month’s bulletins?
Friday, September 12, 2008
Hi, During this month’s webcast we were able to address 22 questions in the time allotted. The majority of the questions were regarding the GDI+ update (bulletin number MS08-052). We strongly recommend that you review the bulletin in detail for specific information regarding bulletins superseded by MS08-052, and affected products. Additionally, you will want to review the detection and deployment section to further understand how this update impacts your environment.
Tuesday, September 09, 2008
小野寺です 今月は、事前通知からの変更はなく、予定通り、計 4 件 (緊急 4 件)を公開しました。 セキュリティ
Tuesday, September 09, 2008
You may have noticed that the MS08-052 bulletin has a workaround that’s a little different than you’re probably used to seeing in our bulletins. That’s because gdiplus.dll, on all OSes after Windows 2000, is stored in something called the Windows Side By Side Cache (WinSxS). The purpose of the WinSxS cache is to keep old versions of assemblies around in case an application requires a specific version, and doesn’t want newer versions.
Tuesday, September 09, 2008
One of our blogging goals is to give you a peek “behind the scenes” into our security response process. We thought you might be interested in the story behind MS08-055, this month’s OneNote bulletin. In March, a security researcher sent in a report of an information disclosure vulnerability that affected OneNote 2007, a part of Office 2007.
