Skip to main content

Community-based Defense

A Brussels retrospective from Oahu

Thursday, June 11, 2009

** Handle:** Security Blanki IRL: Sarah Blankinship Rank: Senior Security Strategist Lead Likes: Vuln wrangling, teams of rivals, global climate change - the hotter the better Dislikes: Slack jawed gawkers (girls are geeks too!), customers @ risk, egos Aloha from the Shakacon III, a security conference held each year in lovely Honolulu, Hawaii!

Announcing the BlueHat Security Forum: EU Edition

Tuesday, June 02, 2009

Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey folks! I know this is typically the time of year when birds are chirping, the rain is _supposed _to be letting up, and those of you in the BlueHat network who are normally invited to attend the Spring BlueHat conference are asking yourselves, “Why did MSRC start doing the con only once a year?

Chills and Thrills at FIRST

Tuesday, February 10, 2009

Sveika! Hey Steve here, been a while since I posted on the EcoStrat blog. With all the security events that happened during the latter half of 2008, I have been very focused on working with the security update releases and Microsoft Active Protections Program (MAPP). Handle: Cap’n Steve IRL: Steve Adegbite

Gone is the era of yes/no questions

Wednesday, February 04, 2009

It used to be easy to be in the security industry. All you had to do is develop products that needed to say “nay” or “yay” on a given content and “bless” it to be secure or not. That is so 2007… As we have been witnessing during a turbulent 2008 (and yes – it actually started in 2007…) nowadays the ability to decide whether a given content (note the distinction between content and file…) is malicious or not is much more complicated.

Constants and Change

Monday, February 02, 2009

Microsoft has been talking about community-based defense for some time now. This week, I want to provide a personal dimension to the campaign, and give an update on recent activities. Curiously, as I started to write this post, a couple of phrases popped up, which despite being somewhat trite, seemed appropriate – “change is constant” and “the more things change the more they stay the same.

MS08-067: Example of Need for Increased Collaboration

Thursday, October 23, 2008

Handle: Cap’n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run You’ve probably heard that we released an out-of-band Security Bulletin for a vulnerability in Windows (MS08-067).

State of the Union

Thursday, October 16, 2008

I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I’ve found plenty of things to be excited about with security, including improved awareness, ~~~~enhanced vendor responsiveness to issues (although some still lag behind), increasing global awareness of security concerns, etc.

The Valley Between Black & Blue

Thursday, August 21, 2008

Handle: C-Lizzle IRL: Celene Temkin Rank: BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! I affectionately call this time between summer conferences, the black and blue phase, where I wear security like a Hypercolor t-shirt, changing colors depending on where we are in our conference shipping and planning cycles.

DNS: An Example of Ecosystem Partnerships

Wednesday, August 06, 2008

Handle: Zot IRL: Zot O’Connor Rank: Program Manager 2 Likes: Taking on the enemy with partners, Automating processes, good scotch and bourbon Dislikes: Poor reporting, FUD, miscreants, dangling participles My name is Zot O’Connor and I am a computer genius. Really, the Seattle Post-Intelligencer says so . Okay, not directly, but I was one of the group of “computer geniuses” converging on our campus back in March because of this DNS issue.

Black Hat 2008: What it Means, What to Expect

Monday, August 04, 2008

Handle: The Crushman IRL: Andrew Cushman Rank: Security Director Likes: Cranberry juice (thanks Jay!) Dislikes: Super helpful hotel desk clerks (thanks Raoul?) Hey Andrew Cushman here… It’s that time of year, August in Vegas, time for the big show, it’s Black Hat time… Along with the vivid memories of crowded briefing rooms, the critical mass of security talent, great side conversations, and the ever present “ching-ching” of slot machines - this year, it brings up thoughts of where Microsoft, the Microsoft Security Response Center (MSRC) and our commitment to Trustworthy Computing (TwC) have been and keen anticipation of where we’re going.