Malware, botnets and cyber criminals often behave very differently in specific countries, and have different goals or intentions. In Asia, for instance, trojans often target passwords to online games or services, whereas in Brazil, banking trojans are a larger issue of concern. It’s helpful for us to learn about country-specific threats, so we can relay concerns back to our product teams that have the ability to battle them.
In center: Mr. Kwangjin Park, Executive Vice President, Korea Internet & Security Agency (KISA). From left to right: Maarten Van Horenbeeck, Senior Program Manager, MSRC; Mark McIntyre, Director, Government Security
Earlier this month, our team was honored by a visit from a delegation of KISA, the Korea Internet & Security Agency. KISA is a government agency that concentrates its work in three areas: Internet Promotion, Internet Security, and Promotion of International Cooperation in the area of ICT and broadcasting. Their overarching goal is to make the Internet accessible, secure and useful to the people of Korea as well as to promote broadcasting and communications technology and services.
Korea is a special country when it comes to Internet use. It has a highly sophisticated, Internet-aware population with very high usage rates. In addition, much of its Internet use is mobile, with smartphones offering access to a large part of the population.
During our discussions, Mr. Park and his team presented to us the specific issues they are concerned about, and introduced some of their techniques to protect Korean internet users. Given Korea’s widespread use of the Internet for both public and private services, they have a thorough understanding of the need for clean and safe access to the Internet.
In Korea, their team manages the e-call center 118. This service is a hotline that provides toll-free, 24-hour Internet-related response services. Essentially, their trained team helps any Korean with issues such as a compromised machine, computer viruses and malware, spam, infringement of a user’s privacy, or any questions related to the use of the Internet. Wherever they are in Korea and at any time, users can simply press 118 on their phone and be connected to a specialist to discuss the security issues they are experiencing. In addition, KISA operates a service that allows users to automatically forward spam to their team, which then investigates. Some years ago, Korea implemented stringent laws against spam, which they have the ability to enforce.
Microsoft has long recognized a need for expert assistance with security issues. Many years ago, we also made the decision to support our customers for free with any malware issues or problems during the deployment of security updates. In the US and Canada, this service is available by phone at 1-866-PCSAFETY. It is great to see this need acknowledged and to see KISA do this for Koreans at a national level.
From our end, we were happy to be able to provide KISA’s delegation with a briefing on how we are seeing many security issues in Asia, and Korea in particular, evolve. A lot of time was spent discussing how to combat malicious code and Distributed Denial of Service (DDoS) attacks, which are a common concern in Korea. In addition, we discussed Microsoft’s ability to share guidance and technical information and to work together with KISA to further promote safe and secure Internet access for Koreans.
*Postings are provided "AS IS," with no warranties, and conferring no rights.*
BlueHat v10 is on the horizon and I’m happy to be able to announce the lineup. This year we’ll be hosting our annual conference on October 13-15 at the Microsoft campus here in Redmond and, with the success of last year’s con, we’re working overtime to make it the most robust, top-notch BlueHat yet. As always, we'll interlace talks from internal and external security subject matter experts. This year our themes include fuzzing, predators of the security ecosystem, next-generation infrastructure, risks associated with mobile technologies, and the web browser landscape.
We start this year with the BlueHat Executive Sessions on October 13, which offer condensed versions of select presentations delivered in a deeply technical style to Microsoft vice presidents, general managers, senior managers and chief security advisors. In conjunction with these Executive Sessions, this year we’re hosting the BlueHat Fuzzing Summit, a full day of content focusing on fuzzing tools and methods presented for and by our fuzzing SMEs. The following two days, October 14-15, feature the BlueHat General Sessions for our larger Microsoft IT pro and developer populations. As with each BlueHat in Redmond, our primary goal is to educate our own Microsoft residents to better understand how to build more secure products. The more we know about the realities of the security ecosystem, the better we can assess our own security realities.
As with past BlueHats, for which we’ve archived select content and provided access to the masses online, BlueHat v10 will keep this information sharing alive and well for those who cannot attend in person. We will also be providing the usual anecdotes and blog posts from current and past BlueHat speakers for your viewing pleasure, so keep an eye out on the BlueHat and EcoStrat Blogs for future updates!
Here’s a brief overview of the general sessions, which we’re calling BlueHat v10: A Security Odyssey. Full details will be available on the BlueHat TechNet site within the week.
October 14, 2010
Morning Block: Predators of the Security Ecosystem
Blasting us off on our security odyssey, Colonel Sebastian M. Convertino II will dive into the topic of computer and information security and discuss his role developing the full spectrum of the Air Force’s cyber warfare capabilities. BlueHat alumnus Ian Amit will then lead us on a cyberspace walk through CyberCrime and CyberWarfare and map out the key players amongst each in *Cyber[Crime|War] - connecting the dots*. The Cold War may be over, but Fyodor Yarochkin will show us how many secrets cyber-Sputnik sees in *From Russia with…an insight on intelligence analysis of Eastern hacker culture*. After we tune our mission control systems to listen across the many sub-cyberspace frequencies for threats, we'll shift gears and hear from our very own "Houston" who responds when "we have a problem." MSRC's Dustin Childs will do a deep-space dive into some actual MSRC case studies in *Behind the Curtain of 2nd Tuesdays: Challenges in Software Security Response*. In *Nine Trends Affecting the Future of Exploitation*, John Lambert will close out the track with the exploitation trends that will shape attacks, and therefore defense, over the next decade, showing us what we as a security species must do to evolve, survive, and thrive. We are only dipping our toes at the shore of a cosmic security ocean, and the water looks inviting…
Afternoon Block: Next Generation
Our Next Generation track kicks off with cyber-cosmonaut Dan Kaminsky, who will give us a peek into his Unified Theory of DNS Security. In another galaxy, not so far, far away, Matthieu Suiche will then introduce his MoonSols Windows Memory Toolkit in *The Blue screen of death is dead*. Matthieu will demonstrate how to get a crash dump of a running VM without causing a reboot or BSOD, a far cry from the blunt tools of security eons past. Vincenzo Iozzo, Tim Kornau, and Ralf-Philipp Weinmann will reprise their Black Hat USA talk, *Everybody be cool this is a ROPpery*, and show us how return-oriented programming, an advanced exploitation technique, is used to bypass most of our platform mitigations. That is, until Fermin J. Serna and Andrew Roths assure us that "our shields are indeed still up, Captain!" with the *Enhanced Mitigation Experience Toolkit* talk, showing how EMET's new features can actually defeat current attacks, such as ROP. Closing our Next Generation track, Grant Bugher will tour the upper stratosphere in *Defensive Cloud Application Development*, which will address the dual-sided coin of attacking cloud-based systems and security engineering for cloud application deployments. By the time this track wraps up, you will have mastered those anti-gravity boots required for high altitudes!
October 15, 2010
Morning Block: Risks Associated with Mobile Technologies
Having thoroughly recovered from your mind being blown by the incomprehensible vastness of space and "the cloud" from Day 1, we will then take you from the infinite to the infinitesimal in our last block covering mobile technologies. While technology hasn't quite gotten home computers down to atomic sizes, our current mobile technologies are putting more and more powerful machines into smaller and smaller packages. These micro machines puncture any semblance we ever had of a "perimeter," and they contain some of our most sensitive information. Mike Howard, first mate of the starship SDL, leads us through the perilous asteroid belt of mobile security in his keynote talk. Our own Geir Olsen will go deep on the key challenges that the mobile security model tackles and how its provisions work together in practice to enable trustworthy mobile computing in the *Windows Phone 7 Security* talk. Charlie Miller will be our mobile security Carl Sagan, guiding us deeper in our exploration of mobile security space by addressing what makes mobile exploit payloads unique in *A Brief History of Attacks against iOS and Android*. Next up, the out-of-this-orbit trio of Thomas "Halvar Flake" Dullien, Tim Kornau, and Ralf-Philipp Weinmann will converse with us in the language of the universe – mathematics – to demonstrate a framework of algorithms capable of locating a Turing-complete gadget set in *A Framework for Automated Architecture-Independent Gadget Search*.
Afternoon Block: The Web Browser Landscape
The browser is a lens through which we view the Web, and in many cases, the cloud. Pointing out where our lens is as warped as the first Hubble mirror, renowned Web security expert Jeremiah Grossman will demonstrate how browsers can be broken and used maliciously in *Browser Hacks, Design Flaws, & Opt-In Security*. Robert "RSnake" Hansen will remind us of our primitive human traits (of ingenuity and adaptability) by challenging us to design secure browsers for a hostile world (despite complex browser, OS, and network interoperability requirements) in *The mixed blessing of browser security*. Microsoft's own Mike Andrews and Brian Christian will then close out the block and give us an insiders' perspective on how we are evolving ever further to protect the search experience in Bing through malicious traffic detection in *How Bing Protects Itself*. What happens when Bing gets so intelligent it can tell the difference between a real user and an attack? You will have to see it to find out.
Looking forward to blast off as always,