I’m here at the second edition of the BlueHat Security Forum, this time in Buenos Aires. So far it is shaping up to be an immensely successful event. We started the day off with a welcome announcement from Hernán Rincón, president of Microsoft Latin America, and have more technical insights to come, some scary and some more reassuring, in the typical BlueHat fashion.
As a follow on to the WGA and Security Updates post by Dustin Childs, I wanted to address another common question we get regarding both security and non-security updates that customers receive from Microsoft through Windows Update or Microsoft Update. Customers sometimes feel that somehow the settings they chose in the update console have been changed. Most commonly, customers who have set the client to notify them before installing updates are now getting updates automatically without prompting.
CanSecWest, in beautiful Vancouver BC, is one of my favorite conferences each year. It’s a cozy little security con that brings together security researchers from all parts of the security ecosystem. Like a PhNeutral or a BlueHat, one never quite knows what to expect out of a CanSecWest, but we do know that Microsoft products and engineers will play a prominent role. We’ll be presenting new security innovations and new tools, we’ll be watching Pwn2Own closely for possible hacks, and we’ll be happy to discuss our industry best practices in the hallway track.
What speaks English, Portuguese and Spanish, has a hundred set of eyes, and battles in the defense of good against evil on a daily basis? No, it’s not the mythological Chupacabra ;-)—it’s the BlueHat Security Forum: Buenos Aires Edition. With the Forum ~5 weeks away I’m pleased to share the speaker line up and content details for what is sure to be a an eventful security briefing.
As mentioned in Sarah’s Black Hat post, we’re profiling some of our own internal security members and sharing their perspectives around Microsoft’s engagement in the security community. Maarten Van Horenbeeck, Security Program Manager, Microsoft Security Response Center (MSRC) and Katie Moussouris, Senior Security Strategist, Secure Development Lifecycle (SDL), answer the following two questions:
How did we become involved in security at Microsoft?
What changes have we seen at Microsoft security over the years?
Hey folks! I know this is typically the time of year when birds are chirping, the rain is supposed to be letting up, and those of you in the BlueHat network who are normally invited to attend the Spring BlueHat conference are asking yourselves, "Why did MSRC start doing the con only once a year?" The answer, of course, is pretty simple and complicated at the same time. Today marks the beginning of the next evolution of the BlueHat Security Briefings, with the launch of the BlueHat Security Forum taking place at the Microsoft Executive Briefing Center in Brussels, Belgium.
Hi! It's been a while since I've had a chance to blog about all the things we have been doing here. As travelling around to various security events is a big part of our mantra, I’ve been to Tokyo Japan for PacSec and Seoul, South Korea for POC 2009. Both were great conferences and had great security talks.
PacSec had a lot of the Japanese security scene in attendance (the local powerhouses are pretty sharp and savvy) along with international researchers and past BlueHat speakers, Charlie Miller and Alex Stamos. Take a minute to check out archived presentations from our own Tony Lee introducing the SIRv7 and Jason Shirk discussing fuzzing strategies. But the biggest interest concerned mobile code threats such as malware and how the perimeter defenses are fading away as a viable protection. This seems to be a hot topic everywhere, so hot that the just wrapped-up BlueHat v9 con had an entire track dedicated to mobile security, and in June 2010, at the annual FIRST Conference, how the perimeter defenses are fading away will be the theme for the whole conference.
As I’m sure you are all well aware by now, the second installment of the BlueHat Security Forum: Buenos Argentina Edition shipped on March 18, 2010, and was a resounding success. For those of you first hearing about this BlueHat Forum, the event itself was an exclusive, invitation-only gathering of 100 select business decision-makers and security researchers from across Latin America.
Guten Morgen! Joe Hemmerlein hier vom Microsoft Security Response Center (MSRC). I just returned from Germany earlier this month, where I spent some time mingling with security researchers. It's customary that we share a bit of our experience at security conferences right here, on the EcoStrat blog - and this is my first posting.
One of the things I get to do in the Microsoft Security Response Center (MSRC) is talk to our customers and tell them about the process by which Microsoft identifies potential security vulnerabilities in its products, eliminates those vulnerabilities, and provides remediation and information to customers. In other words, I get to explain what I do for a living to anyone who will listen. I really enjoy doing this, because I find out first-hand what is most important to our customers as well as what questions they have about the Microsoft response process.
CanSecWest is probably one of the most interesting conferences for the Microsoft Security Response Center (MSRC) team to attend. A leisurely two-and-a-half hour drive from our corporate headquarters it’s organized in the multi-cultural Canadian hub of Vancouver. Easy air connections to Europe, Asia, and anywhere in North America make it a yearly melting pot for capable security researchers from all over the world.
Marhaban! Maarten Van Horenbeeck here from the Microsoft Security Response Center (MSRC). This is the first time I have blogged here on EcoStrat. As a Security Program Manager with MSRC, one of the roles I have is to work with security researchers, and this often involves attending security conferences to meet with you. Two weeks ago, a couple of us in Trustworthy Computing (TwC) attended the Hack in the Box (HITB) security conference in hot and sizzling Dubai, United Arab Emirates.
You are probably wondering what an EcoStrat guy has to do with security updates and other technical deliverables. Well, I want to take a moment to explain why this makes sense. Before taking on the role of working with the monthly security release team and the MAPP program team, I primarily worked with the partner outreach team, managing ecosystem changes through industry partnerships. The partner outreach team’s goals/focus, within the scope of the EcoStrat team, is to work with industry to establish partnerships and initiatives to protect consumers. One of the most visible results is the MAPP initiative. This is a program that works with the security industry ecosystem to create an effective conduit for inbound and outbound information flow.
Hi All, This is Dustin and Karl from the Microsoft Security Response Center (MSRC). Recently, we were fortunate enough to attend the Black Hat DC 2010 conference held in Washington, D.C. We wanted to share our personal highlights from this great conference and provide a bit of a weather report too.