Security Watch | Matt Hines » Microsoft preps for hacker confab

September 24, 2007 | Comments: (0)

Microsoft preps for hacker confab

TAGS: Security

Microsoft is getting ready to hold the sixth in its series of invite-only meetings for security researchers and white hat hackers -- dubbed BlueHat -- on Thursday and Friday of this week.

Held on Microsoft's Redmond, Wash. Home campus, the twice-per-year event is officially slated as BlueHat v6: The Vuln Behind The Curtain and will feature discussions on topics including "the security veil of virtualization and process isolation."

Microsoft organizers said that the event will also offer talks on Windows Mobile and automated exploit creation using researcher HD Moore's Metasploit tools.

There will also be a meeting to discuss a specific domain name system (DNS) pinning design issue that ca be used to demonstrate how the software giant's Internet Explorer browser can be turned into a virtual private network (VPN) concentrator. Other discussions will debate the security issues of Microsoft Office, binary instrumentation, visualization and the economics of security.

The software maker officially describes BlueHat as "an internal event at Microsoft where outside security researchers are brought in to share their knowledge and expertise of the security threat environment with Microsoft senior executives and software engineers." Members of the press are not invited, however.

Andrew Cushman, director of the Microsoft Security Response Center (MSRC), the company's vulnerability and attack response group, has already posted a blog about the upcoming meeting on the company's Web site.

"As we reflect back on the 10 years of evolution in security at Microsoft, it’s fascinating to watch the deepening of relationships between Microsoft and the security ecosystem, and consider how these relationships tie into larger, longer term initiatives," Cushman writes. "Hearing from the people doing cutting edge research helps Microsofties understand the external research community’s focus and motivations, and helps us build better products and offerings."

Among the goals for the event that Cushman cites are:

-To expose senior product leaders and front line engineers to the threats and attack tools and methodologies used in the real world

-To increase people/s real-world understanding of attacks

-To connect executives and engineers at a "visceral" level

-To expose security researchers (and the security community) to Microsoft engineers and business leaders

"BlueHat gives us a chance to open up on our home turf and gives the researchers an opportunity to interact with all levels of the organization," said Cushman. "They too get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security."

While BlueHat remains a "closed-door" affair, Microsoft is promising to share details of the conference as it moves along. Stay tuned.

And, hey, who knows, maybe next year we'll even get an invite… after all, Cushman's list of goals pretty much describes the job of anyone whose responsibility is trying to explain IT security trends to business leaders.

You know, sort of like the job of us tech reporters.

Posted by Matt Hines on September 24, 2007 07:56 AM

RATE THIS ARTICLE: