Visualizing Software Security
Working to find bugs in the software security industry is much like prospecting for natural resources. An engineer takes a high level view of an unknown piece of territory to determine the lay of the...
Concurrency Attacks in Web Applications
Hello, This is Scott Stender and Alex Vidergar from iSEC Partners, and our topic for BlueHat is Concurrency Attacks in Web Applications. Database administrators, computer architects, and operating...
State of the Union
I spent a lot of time trying to think about what to write for a BlueHat pre-conference blog entry and had a pretty hard time focusing on one topic. To handle this, I decided to comment on the state of...
Good Things Come in Blue Packages
Hello everyone, Celene Temkin here from the MSRC Ecosystem Strategy Team. BlueHat v8: C3P0wned ended a month ago and the success of the con lives on in the outstanding training and networking done...
Learning by our mistakes
Mike Andrews here. With a very broad brush, the vulnerabilities we see can be split into two categories -- flaws and bugs. Flaws are inherent problems with the design of a system/application – Dan...
Gone is the era of yes/no questions
It used to be easy to be in the security industry. All you had to do is develop products that needed to say “nay” or “yay” on a given content and “bless” it to be secure or not. That is so 2007… As we...
!exploitable Crash Analyzer Now Available
At BlueHat v8 in October 2008, Dave Weinstein, Jason Shirk and Lars Opstad presented the topic of when it’s okay to stop fuzzing (Fuzzed Enough? When It’s OK to Put the Shears Down). As part of that...
Token Kidnapping finally patched!
Here I am again writing on MS BlueHat blog, this time about Token Kidnapping. The first time I talked about Token kidnapping was a long time ago and now after a year the issues detailed in the...
Dune Busting and Browser Fun at HITB – Dubai
Hi, Billy Rios here, I was recently invited to speak at Hack in the Box (HITB) in Dubai. While at HITB, I participated in two different talks, but I’m going to focus on the talk Chris Evans and I...
Getting a business degree as part of Security Research?
What a great time to start thinking of travel – the weather is fairing up, June is here, and fortunately for me, I have a chance to take the driver seat again at another BlueHat conference! This time...
Stainless steel bridge
Hi! Manuel Caballero here. I had the pleasure of penetration testing (pen-testing) the previous versions of Microsoft Silverlight, and now, for the last three weeks, I’ve been playing around with the...
Securing our Legacy
Hi, this is Scott Stender from iSEC Partners. I recently had the privilege of speaking at Microsoft's BlueHat event in Brussels on the topic of securing legacy systems. With all of the recent coverage...
Black Hat USA Spotlight: ATL Killbit Bypass
There are only a few days left before Black Hat USA, and we, like most other speakers, are in the midst of the last-minute push to have all the materials finalized in time for our presentation. Our...
Can we secure cloud computing? Can we afford not to?
There have been many disruptive innovations in the history of modern computing, each of them in some way impacting how we create, interact with, deliver, and consume information. The platforms and...
Collaborating on RIA Security
Microsoft and Adobe frequently work together on security. At this year's BlueHat, we will come together to share our security research in the area of Rich Internet Applications (RIAs). While we...
Babel Hacking
Hello world! Remember Mad Libs? How about Scrabble, when you'd try making up words that sound legit just to be de-bluffed by your friend. Playing these games provides endless hours of fun with words...
Attacking SMS
This year at BlackHat USA in Las Vegas, we presented on the topic of attacking Short Message Service (SMS). Our presentation focused on the different ways in which SMS can be used to compromise mobile...
The lighter side of the cloud
Billy Rios here. I’m giving a talk this week along with Nate McFeters entitled, “Sharing the Cloud with Your Enemy.” It’s a fun, realistic talk on security in the cloud. Why cloud computing? Cloud...
Know thy Enemy
I recently attended BlueHat for the second time and spoke about the SMS vulnerabilities Collin Mulliner and I discovered and exploited this summer. BlueHat is an interesting speaking venue because the...
BlueHat v9 brings the looking glass to you
Celene here from the MSRC Ecosystem Strategy Team. BlueHat v9: Through The Looking Glass ended just over a month ago and the success of the con lives on due to the outstanding training and networking...