1024 ビット未満の暗号キーをブロックする更新プログラム (KB2661254) を 8/14 に公開
Sunday, July 29, 2012
公開キーをベースに暗号化アルゴリズムの強度を考えた場合に、ブルート フォース攻撃によって公開キーが奪わ
Month Archives: July 2012
EMET v3.5 Tech Preview が公開されました
Friday, July 27, 2012
2012 年 7 月 25 日 (米国時間)、Enhanced Mitigation Experience Toolkit (EMET) v3.5 Tech Preview 版が利用可能となりました。この Tech Preview 版は名前の
Announcing the availability of ModSecurity extension for IIS
Thursday, July 26, 2012
Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure, are important areas of focus for the Microsoft Security Response Center (MSRC). Over the last few years Microsoft has developed a number of tools capable of mitigating selected web specific vulnerabilities (for example, UrlScan). To help on this front we have participated in a community effort to bring the popular open source module ModSecurity to the IIS platform.
Announcing the BlueHat Prize winners!
Thursday, July 26, 2012
Minutes ago in Las Vegas at the Microsoft Researcher Appreciation Party, we completed the journey we set out on together at the 2011 Black Hat briefings. There, we asked the security research community to focus its talent and expertise on defense, to design and prototype novel runtime mitigation technologies to prevent the successful exploitation of memory safety vulnerabilities.
Technical Analysis of the Top BlueHat Prize Submissions
Thursday, July 26, 2012
Now that we have announced the winners of the first BlueHat Prize competition, we wanted to provide some technical details on the top entries and explain how we evaluated their submissions. Speaking on behalf of the judges, it was great to see people thinking creatively about defensive solutions to important security problems!
The BlueHat Prize V1.0 – And the Winners Are…
Thursday, July 26, 2012
Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice As we wrap up the first BlueHat Prize contest, we wanted to share what we learned while running the first competition, from a major vendor, offering a large cash prize for defensive security research.
BlueHat Prize technology available in Tech Preview
Tuesday, July 24, 2012
One year ago this week we challenged the security community to take an unconventional focus on defensive innovation. We called that challenge the BlueHat Prize, and tomorrow night, we will award the grand prize of $200,000 to one of the finalists, either Jared DeMott, Ivan Fratric, or Vasilis Pappas. All three finalists submitted prototype mitigations that help prevent exploits that use Return Oriented Programming (ROP) techniques.
EMET 3.5 Tech Preview leverages security mitigations from the BlueHat Prize
Tuesday, July 24, 2012
Last year at Black Hat Las Vegas, we announced the BlueHat Prize contest – a large cash prize awarded for defensive security research. One month ago, we announced the names of three finalists. On Thursday night shortly after 10 PM, at the Microsoft Researcher Appreciation Party, we will unveil which finalist won which prize – the grand prize of $200,000 USD, the second prize of $50,000 USD, and the third prize of an MSDN subscription, valued at $10,000 USD.
Microsoft Exchange および FAST Search Server 2010 for SharePoint の脆弱性に関するセキュリティ アドバイザリ 2737111 を公開
Tuesday, July 24, 2012
本日マイクロソフトは、セキュリティ アドバイザリ 2737111 を公開しました。 このアドバイザリは、Oracle の Oracle
More information on Security Advisory 2737111
Tuesday, July 24, 2012
Today we released Security Advisory 2737111 to describe the way in which vulnerabilities in Oracle’s Outside In technology impact the document preview functionality of Microsoft Exchange Server 2007 and 2010 and FAST Search Server 2010 for SharePoint. In this blog, we would like to discuss the following: What is the Oracle Outside In technology?