Entries tagged with bluehat - Channel 9

BlueHat: Cesar Cerrudo on token kidnapping in Windows

Dan Fernandez — Tue, 17 Jun 2008 17:48:00 GMT

Katie Moussouris interviews Cesar Cerrudo on token kidnapping in Windows at BlueHat v7, Microsoft’s security conference. Cesar talks about design weaknesses that allow elevation of privilege in Windows. Even Cesar says we have a hard job in trying to protect users, while making sure we don’t break anything.

BlueHat: Manuel Caballero & Fukami on scripts, cross-domain attacks, and Flash/Silverlight security

Dan Fernandez — Mon, 16 Jun 2008 21:59:00 GMT

Katie Moussouris interviews Manuel Caballero & Fukami on resident scripts and global cross domain attacks, plus a comparison of Flash and Silverlight security at BlueHat v7, Microsoft’s security conference. Manuel takes us through the scary world of resident scripts that invisibly follow you while you surf. Fukami performs security analysis of similar browser plug-in technologies: Flash and Silverlight.

BlueHat: Dan Kaminsky on security threat research

Dan Fernandez — Mon, 16 Jun 2008 21:39:00 GMT

Katie Moussouris interviews interviews Dan Kaminsky on some interesting research he’s been doing lately at BlueHat v7, Microsoft’s security conference. Dan has a way of turning even the scariest of security threats into an opportunity to RickRoll. Count the number of times we say “RickRoll” during this enlightening interview.

BlueHat: Alex “kuza55” K. on client-side issues with browsers, plug-ins, and web applications

Dan Fernandez — Mon, 16 Jun 2008 21:39:00 GMT

Katie Moussouris interviews Alex “kuza55” K. on interesting client-side issues when you look at browsers, plug-ins, and web applications together at BlueHat v7, Microsoft’s security conference. Alex examines esoteric parts of browsers and plug-ins which lead to web applications being exploitable via client-side issues.

BlueHat: SoWhat from Nevis Labs on fuzzing anti-virus products

Dan Fernandez — Mon, 16 Jun 2008 21:38:00 GMT

Katie Moussouris interviews SoWhat from Nevis Labs based in Bejing on fuzzing anti-virus products at BlueHat v7, Microsoft’s security conference. SoWhat describes some of the common application security testing methodologies as they apply to security products. Who’s watching the watchers, and what can AV software vendors do to improve their products.

BlueHat: Billy Rios on what the phishers are up to

Dan Fernandez — Mon, 16 Jun 2008 21:37:00 GMT

Katie Moussouris interviews Billy Rios on what the phishers are up to at BlueHat v7, Microsoft’s security conference. Billy describes the interesting results of his research with fellow speaker Nitesh Dhanjani. Learn if these phishers are really the Einsteinian Ninja Hackers the media portrays them to be.

BlueHat: Bryan Sullivan on being a Microsoft Security Grunt

Dan Fernandez — Mon, 16 Jun 2008 21:35:00 GMT

Katie Moussouris interviews Bryan Sullivan on what it’s like to be a Microsoft Security Grunt at BlueHat v7, Microsoft’s security conference. Bryan counters the Popular Science Top Ten Worst Jobs in Science with his take on what it’s really like to work for the group that is responsible for securing Microsoft’s current and future products.

BlueHat - #3: Paid to Break Things

Rory — Thu, 07 Jun 2007 18:57:00 GMT

Robert Graham and David Maynor head up a company called Errata Security.

These are the people you hear about when you hear about people who get paid to break things. They look for vulnerabilities, pore over disassembled binaries, and generally have all kinds of fun while being rewarded.

We also talk a little about the security of OS X, and what their thoughts were on whether or not open source makes software more or less secure.

BlueHat - #2: Bluetooth Snipers

Rory — Wed, 30 May 2007 19:58:23 GMT

You may have seen these guys on slashdot a couple years ago. They set out to prove that Bluetooth, despite its relatively short range, is a security hazard.

Turns out it is.

Watch.

BlueHat - #1: Robert Hansen on Phishing, the Bad Guys, and the Online Mafia

Rory — Wed, 16 May 2007 20:13:28 GMT

The BlueHat conference is an internal MS conference that's all about security. We ship a bunch of security experts from around the world to Redmond and then learn whatever we can from them.

This is the first video in the series. It's with Robert Hansen - a very interesting human being I'd like to interview again.

Interviews like this are my favorite. I've always seen security as drudgery. It's necessary, but it's not at all fun. At least not the way I was doing it.

I didn't expect much, to be honest. I thought I'd get in, hear a few stories about SQL injection, and then be done with it. What I got was, on a scale of 1 to 10, a chat that was infinity + 1 awesome.

I had no idea how far security goes. I had read books about people like Kevin Mitnik, Pengo, and more, but this was the first time I'd ever met someone who really does this stuff (well, at least since my BBSing days - I knew a few people back then who knew a thing or two about security :) ).

Enjoy, people. I bloody well did. There's some background noise, and I apologize for that - in the process of getting a proper mic setup for these videos - but you can still hear him.

Robert has a blog here, and you can find information about his security consulting firm here.

BlueHat 2006 - Microsoft Security Conference

Charles — Thu, 18 May 2006 18:25:27 GMT

BlueHat 2006 was this year's second installment of what some consider to be Microsoft's version of BlackHat. Basically, a bunch of security researchers (they don't like to be called hackers, mind you) from around the world come to Redmond for a few days twice a year to share findings with Microsoft developers, architects, security professionals and even execs. It's a security information exchange party and Microsoft really benefits from learning about new vectors of attack and how to prevent them. We strolled around and met some of the folks who run BlueHat as well as some of the attendees who came to share and learn about some of the latest and greatest findings in the world of software security.