Browse by Tags

Related Posts
  • Blog Post: BlueHat v14 is almost here

    It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry today. Through this conference, our engineering...
  • Blog Post: Bug Bounty Evolution: Online Services

    Today marks the next evolution in bounty programs at Microsoft as we launch the Microsoft Online Services Bug Bounty program starting with Office 365. In our mobile first, cloud first world, this is an exciting and logical evolution to our existing bug bounty programs . Office 365 is the first of...
  • Blog Post: The lighter side of the cloud

    Billy Rios here. I’m giving a talk this week along with Nate McFeters entitled, “ Sharing the Cloud with Your Enemy .” It’s a fun, realistic talk on security in the cloud. Why cloud computing? Cloud computing, software as a service, infrastructure as a service, platform as a service… with so many...
  • Blog Post: Hack.lu: Why it’s all about building bridges

    Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni “We want to remain what we are” (“Mir...
  • Blog Post: !exploitable Crash Analyzer Now Available

    At BlueHat v8 in October 2008, Dave Weinstein, Jason Shirk and Lars Opstad presented the topic of when it’s okay to stop fuzzing ( Fuzzed Enough? When It’s OK to Put the Shears Down ). As part of that presentation, Dave talked about a technique used within Microsoft for triaging and categorizing crashes...
  • Blog Post: Something Old, Something New, True Blue

    This year marks the tenth BlueHat at Microsoft, and my sixth round in participating in the event that has been so instrumental in keeping Microsoft developers and executives in touch with the pulse of security research outside Microsoft, and serves as one of the key crossroads for the exchange of ideas...
  • Blog Post: The EMET 2.0 Training Video has arrived!

    Hey there, I'm pleased to announce that the BlueHat team has partnered with the dynamic Microsoft Security Response Center (MSRC) Engineering duo of Andrew Roths and Fermin J. Serna on a training video previewing the new release, version 2.0, of the Enhanced Mitigation Experience Toolkit (EMET). This...
  • Blog Post: Getting Into Information Security Intelligence Gathering: A BlueHat v10 Retrospective from Speakers Ian Iftach Amit and Fyodor Yarochkin

    Ian: Having a mild case of "professional ADHD" is probably what got me started on this whole "cyber" thing. Having done research, development, integration and consulting in the past, I was starting to get too many unanswered questions in my mind when dealing with customers and individuals who were being...
  • Blog Post: BlueHat Prize entries: The final tally is…

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice The entries are in! After a last-minute wave of fresh...
  • Blog Post: Do you believe in ghosts?

    When I was a kid, I had nightmares every week. I still remember some of them vividly, particularly the ones where ghosts were involved. Not the typical ghosts from the movies , but ones that could not be seen, only heard and felt. Why would I be so frightened and still remember them “vividly” today?...
  • Blog Post: BlueHat v10 Shipping!

    Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here playing MC at the tenth edition...
  • Blog Post: Announcing BlueHat v10: A Security Odyssey

    BlueHat v10 is on the horizon and I’m happy to be able to announce the lineup. This year we’ll be hosting our annual conference on October 13-15 at the Microsoft campus here in Redmond and, with the success of last year’s con, we’re working overtime to make it the most robust...
  • Blog Post: BlueHat Security Forum: Buenos Aires Edition--Shipping!

    Handle: Silver Surfer IRL: Mike Reavey Rank: Director, MSRC Likes: Warm weather, Battlestar Galactica, and responsibly reported vulnerabilities Dislikes: Rain, Rain without end, Clouds with potential for rain, reality TV, and unpatched vulns I’m here at the second edition of the...
  • Blog Post: Heya! Hola and Olá!

    It was pretty fun sitting in the panel that kicked-off the first BlueHat Security Forum in Latin America and we are almost half-way through our day here in Buenos Aires. (Check out Mike Reavey’s EcoStrat Blog post for details about the panel.) It is always great to see old friends from the ecosystem...
  • Blog Post: Collaborating on RIA Security

    Microsoft and Adobe frequently work together on security. At this year's BlueHat , we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we independently place considerable thought and effort into our respective security models, attackers often look...
  • Blog Post: BlueHat v9 brings the looking glass to you

    Celene here from the MSRC Ecosystem Strategy Team. BlueHat v9: Through The Looking Glass ended just over a month ago and the success of the con lives on due to the outstanding training and networking between Microsoft employees, external speakers, and guests. I'm happy to say that the speaker video interviews...
  • Blog Post: Good Things Come in Blue Packages

    Hello everyone, Celene Temkin here from the MSRC Ecosystem Strategy Team . BlueHat v8: C3P0wned ended a month ago and the success of the con lives on in the outstanding training and networking done between Microsoft employees and external speakers and guests. I'm happy to say the speaker video interviews...
  • Blog Post: Thank you Buenos Aires!

    Handle: C-Lizzle IRL: Celene Temkin Rank: Program Manager 2 & BlueHat Project Manager Likes: Culinary warfare, BlueHat hackers and responsible disclosure Dislikes: Acts of hubris, MySpace, orange mocha Frappaccinos! Hey Everyone, As I’m sure you are all well aware by now, the...
  • Blog Post: State of the Union

    I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of security. While I've found plenty of things to be excited about with security, including improved...
  • Blog Post: Snowpacalypse Now (I love the smell of briefings in the morning)

    Handle: Avatar IRL: Karl Hanmore Rank: Senior Security Strategist (aka Sergeant Grunt) Likes: Getting the job done, bringing the fight to the bad guys, good single malt whiskey Dislikes: Cowards, talkers not doers, red tape, humidity Handle: Mando Picker IRL: Dustin Childs ...
  • Blog Post: G’day mate, howsitgoing?

    Handle: Avatar IRL: Karl Hanmore Rank: Senior Security Strategist (aka Sergeant Grunt) Likes: Getting the job done, bringing the fight to the bad guys, good single malt whiskey Dislikes: Cowards, talkers not doers, red tape, humidity G’day, or should I say howdy, y’all. As...
  • Blog Post: Hacker Olympics: a shout-out from Vancouver, BC!

    Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Handle: Mando Picker IRL: Dustin Childs ...
  • Blog Post: Strengthening the Security Cooperation Program

    Handle: Cap'n Steve IRL: Steve Adegbite Rank: Senior Security Program Manager Lead Likes: Reverse Engineering an obscene amount of code and ripping it up on a snowboard Dislikes: Not much but if you hear me growl…run G'day Mate! I have always wanted to say that. I am here at the...
  • Blog Post: Attacking SMS

    This year at BlackHat USA in Las Vegas , we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile security. We’re excited to give an updated version of our talk at the upcoming BlueHat v9 conference...
  • Blog Post: Learning by our mistakes

    Mike Andrews here. With a very broad brush, the vulnerabilities we see can be split into two categories -- flaws and bugs. Flaws are inherent problems with the design of a system/application – Dan Kaminskys’ DNS vulnerability would be a good example. Bugs, on the other hand, are issues with the implementation...