Skip to main content
MSRC

Month Archives: September 2007

BlueHat, Day 2: Morning of Mobile, Afternoon of Cool Tools

Friday, September 28, 2007

Hello world! Katie Moussouris here at BlueHat. Yesterday’s talks certainly set the bar high. We saw topics range from Mark Russinovich’s clarification of security boundaries to Halvar Flake’s automated malware classification to Roberto Preatoni’s discussion of his exploit marketplace project, better known as WabiSabiLabi. I spent the day recording audio podcasts with each of our BlueHat speakers, getting a brief inside look at each fascinating topic – look for these in the near future on the technet website.

The new security disclosure landscape

Friday, September 28, 2007

Rain Forest Puppy ( rfp@wiretrip.net) Security disclosure has always been a contested topic, pitting “those that find the bugs” against “those that are responsible for the bugs.” In the days before security disclosure became a formal topic, those people who gave credence to some sort of moral compass often sought to follow a “gentleman’s code” that typically involved an earnest attempt to disclose the problem to the vendor and give the vendor a chance to fix it.

Vista and Vigilance

Friday, September 28, 2007

Halvar Flake, Sabre Security I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writers block today, caused by being tired, jetlagged, and already halfways on my way to the airport for my flight back.

Microsoft, Mobile, and Security

Thursday, September 27, 2007

Ollie Whitehouse Architect, Advanced Threat Research, Symantec Corporation So if you had told me that one day I would be invited to Microsoft to talk about a subject I’ve now been involved in researching on and off for over six years and something I must say that has burned in my belly with passion for most for most of it, I would have said ‘unlikely’.

Pay no attention to that vuln behind the curtain

Tuesday, September 25, 2007

Adam Shostack here, guest blogging for the BlueHat blog. As you may have seen from Andrew Cushman’s post, the theme of this BlueHat is “The Vuln Behind the Curtain.” I really like this theme, because it’s part of a maturing in the way we’re dealing with security issues. I’m not going to claim Microsoft is perfect, but we’re doing a pretty good job at pushing downwards the number of vulnerabilities (and updates) our customers need to deal with.

Announcing BlueHat v6

Thursday, September 20, 2007

Hi, Andrew Cushman here. I wanted to let you know that BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security. For more information please see the BlueHat Blog at http://blogs.

Announcing: BlueHat v6!

Thursday, September 20, 2007

Andrew Cushman here. BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security. The BlueHat speakers, both leading external security researchers and internal Microsoft engineers, will pierce the security veil of virtualization and process isolation.

Detection and Deployment Logic Update for MS07-052

Thursday, September 13, 2007

Hi everyone. Ben from the MSRC here. I am the case manager that handled the Crystal Reports for Visual Studio Bulletin, MS07-052, and I wanted to let you know that today we updated our detection and deployment logic for that bulletin. First, I want to note that we’re not making any changes to the update itself given it protects against the vulnerability discussed in the bulletin.