Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

August, 2008

  • Black Hat: Got2 Luv the H8ers

    So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er" from here on out. Though I am paraphrasing a bit, this is based upon a true story. It gave me a chuckle, so I thought I'd share. h8er: So, how does it feel to work for a company that has made so many bad security decisions? MSFT guy: Well, I feel lucky to be...
  • Black Hat 2008, Here I Come...

    Tomorrow, I set off for Black Hat 2008 in Las Vegas to join colleagues that are already there (see Defend the Flag: Roguery Abounds!, over on the new MSRC Ecostrat blog.) As always, I am excited to head over to this conference to see if anything new and exciting will be presented and of course, to see and talk to folks that I haven't seen face to face in a while. In that vein, if you are going to be there and would like to grab a coffee and chat, send me a message - don't be shy. I'm not going...
  • The Four Horsemen of Cleopatra's Barge

    One of the more interesting sessions I went to yesterday was a talk by Chris Hoff called "The Four Horsemen of the Virtualization Apocalypse." (If you've never read Hoff's blog, you should check it out at http://rationalsecurity.typepad.com/.) I thought I was keeping a close eye on security and virtualization issues, but this talk illustrated how wide and varied the topic really is. This was not about Blue Pill and it wasn't about having security monitors in the hypervisor - instead he focused...
  • Exploitability Index - More Information for Customers

    Yesterday at Black Hat 2008, along with some other stuff, we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft customers over the past five years, they are always looking for that little bit of extra information to help make prioritization decisions. An obvious example of this is the severity attached to the vulns. However, as explained by Mike Reavey...
  • Live from the "Configuresoft" Conference

    I thought I'd share a quick story from Black Hat. So, I went to Caesar's and headed back to the conference area to register and get my badge. As I neared the escalators, I started seeing a lot of folks with badges on that said "Configuresoft." I thought, hmm, there must be another conference going on here at the same time - which would be weird, since Black Hat filled the areas last year. Anyway, I trudged on, found registration and got my badge for Black Hat. Here is a picture: Duh. Look for more updates...