Related Posts
  • Blog Post: New Bounty Programs – One Week In

    Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened...
  • Blog Post: Announcing BlueHat v9: Through the Looking Glass

    Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappuccinos! BlueHat v9 will take place from October 21 to 23 at the Microsoft campus...
  • Blog Post: Does Microsoft Change My Automatic Updates Settings?

    Handle: Jman IRL: Jerry Bryant Rank: Group Manager, Response Communications Likes: Quad lattes, geek toys, responsible disclosure Dislikes: Tomatoes, slow drivers (frontgaters) As a follow on to the WGA and Security Updates post by Dustin Childs, I wanted to address another common...
  • Blog Post: Doors Open for New Bounty Programs

    As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security...
  • Blog Post: Snowpacalypse Now (I love the smell of briefings in the morning)

    Handle: Avatar IRL: Karl Hanmore Rank: Senior Security Strategist (aka Sergeant Grunt) Likes: Getting the job done, bringing the fight to the bad guys, good single malt whiskey Dislikes: Cowards, talkers not doers, red tape, humidity Handle: Mando Picker IRL: Dustin Childs ...
  • Blog Post: Office Security Engineering: BlueHat v9 Presentation Revisited

    Hi, this is Tom Gallagher from the Office Trustworthy Computing team. At Blue Hat v9, David Conger and I presented some of the security engineering work that we were doing to help ensure the security of Office 2010. We don’t want a single bug in our parsing code to allow arbitrary code to harm...
  • Blog Post: Filling A Gap In the Vulnerability Market – First Bounty Notification

    When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between the security...
  • Blog Post: Token Kidnapping finally patched!

    Here I am again writing on MS BlueHat blog, this time about Token Kidnapping. The first time I talked about Token Kidnapping was a long time ago and now after a year the issues detailed in the presentation are finally fixed. Let's see what happened. Before the first public Token Kidnapping presentation...