One of the more interesting session I went to yesterday was a talk by Chris Hoff called " The Four Horsemen of the Virtualization Apocalypse ." (If you've never read Hoff's blog, you should check it out at http://rationalsecurity.typepad.com/ .) I thought I was keeping a close eye on security and virtualization issues, but this talk illustrated how wide and varied the topic really is. This was not about Blue Pill and it wasn't about having security monitors in the hypervisor - instead he focused...

So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er" from here on out. Though I am paraphrasing a bit, this is based upon a true story. It gave me a chuckle, so I thought I'd share. h8er: So, how does it feel to work for a company that has made so many bad security decisions. MSFT guy: Well, I feel lucky to be...

I thought I'd share a quick story from Black Hat. So, I went Caesar's and headed back to the conference area to register and get my badge. As I neared the escalators, I started seeing a lot of folks with badges on that said "Configuresoft." I thought, hmm, there must be another conference going on here at the same time - which would be weird, since Black Hat filled the areas last year. Anyway, I trudged on, found registration and got my badge for Black Hat. Here is a picture: Duh. Look for more updates...

Yesterday at Black Hat 2008, along with some other stuff , we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft customers over the past five years, they are always looking for that little bit of extra information to help make prioritization decisions. An obvious example of this is the severity attached to the vulns. However, as explained by Mike Reavey...

Tomorrow, I set off for Black Hat 2008 in Las Vegas to join colleagues that are already there (see Defend the Flag: Roguery Abounds! , over on the new MSRC Ecostrat blog .) As always, I am excited to head over to this conference to see if anything new and exciting will be presented and of course, to see and talk to folks that I haven't seen face to face in a while. In that vein, if you are going to be there and would like to grab a coffee and chat, send me a message - don't be shy. I'm not going...