It has been nearly four months since we gathered in Redmond for BlueHat v12, and we’ve almost caught up on our sleep. As we prepare for what promises to be a momentous year for the BlueHat program – culminating in December with BlueHat v13 – we’ve selected nine of the most compelling, talked-about, or just plain chewy talks from last year’s festivities to share with you.

  • Fraud and Abuse: A Survey of Life on the Internet Today --> WATCH IT ON DEMAND
    Ellen Cram Kowalczyk, Principal Security Program Manager Lead, Microsoft

    Kowalczyk kicked off BlueHat v12 in the morning with a look at two of the most difficult security issues facing our customers today. When you’re in the process of becoming the leading devices and services company, this is the sort of thing that’s on your mind every morning.

  • Social Authentication --> WATCH IT ON DEMAND
    Alex Rice, Product Security, Facebook

    Over the past year, Facebook engineers have been working on various attempts to expand authentication from “something you know” to “someone you know.” Rice’s talk demonstrates some of the results and details the lessons his company has learned along the way.

  • Scriptless Attacks: Stealing the Pie Without Touching the Sill --> WATCH IT ON DEMAND
    Mario Heiderich, Dr.-Ing, Ruhr-University in Bochum, Germany

    Removing JavaScript from the cross-site scripting equation doesn’t necessarily take away the XSS pain, as Dr. Heiderich demonstrates. Learn how attackers can use seemingly benign features to build side-channel attacks that can measure and exfiltrate data from even well-protected sites – and find out what can be done to stop it.

  • Sh*t My Cloud Evangelist Says… Just Not My CSO --> WATCH IT ON DEMAND
    Chris Hoff, Senior Director and Security Architect, Juniper Networks

    In front of an audience evenly divided between developers and security folk, Chris Hoff laid out the differences in worldview between the two – yes, there are a few – and how those translate into the world of cloud computing. More secure? Less secure? Let the debate begin…

  • Don't Stand So Close to Me: An Analysis of the NFC Attack Surface --> WATCH IT ON DEMAND
    Charlie Miller, Systems Software Engineer, Twitter

    Near-field communication (NFC) technology is growing in popularity, with mobile devices leading the communications charge. But when you tap your phone to an NFC-enabled terminal to make a credit-card payment, how do you know you haven’t been owned – or worse? Miller looks at how NFC technology expands the potential attack surface for mobile devices.

  • Building Trustworthy Windows Store Apps --> WATCH IT ON DEMAND
    David Ross, Principal Software Security Engineer, Microsoft and Crispin Cowan, Senior Program Manager, Windows Security, Microsoft

    The Windows Store environment is designed to protect consumers’ machines and data from individual apps, but that puts serious responsibility on developers to use secure coding practices. Ross and Cowan look at what that means and how developers can approach the challenge without tears.

  • Why UEFI? --> WATCH IT ON DEMAND
    Matthew Garrett, Senior Software Engineer, Nebula

    The Unified Extensible Firmware Interface (UEFI) brings far greater security to the firmware environment, letting developers build security policies that extend all the way into the most basic layers of shipped code. But do we lose platform differentiation in the process? Garrett details why that’s not necessarily the case.

  • Pass the Hash and Other Credential Theft and Reuse: Preventing Lateral Movement and Privilege Escalation --> WATCH IT ON DEMAND
    Patrick Jungles, Security Program Manager, Microsoft

    Credential theft and re-use attacks have gained in popularity in recent years, and there’s nothing tastier for some attackers than your delicious, delicious hashes. Jungles, the Microsoft PM who led the company-wide workgroup that researched and released our recent pass-the-hash whitepaper, presents an overview of the group’s findings.

  • Why Johnny Can't Patch: And What We Can Do About It --> WATCH IT ON DEMAND
    David Seidman, Senior Security Program Manager, Microsoft

    Microsoft works hard to develop and release security bulletins as soon as we’re aware of a vulnerability that needs addressing. So how is it some users remain vulnerable to issues for which the cure has existed for months, if not years? Seidman dives deep into who doesn’t patch, why, and what might change their ways.

Enjoy! We’re looking forward to BlueHat v13 – Return to your “C:\>”(s). We suspect there will be a lot to talk about.

Emily Anderson
Security Program Manager, MSRC, Microsoft