Microsoft
2 months ago
Announcing BlueHat 2024: Call for Papers now open
The 23rd edition of Microsoft's BlueHat security conference will be hosted by the Microsoft Security Response Center (MSRC) at the Redmond, WA corporate campus, October 29 and 30, 2024. BlueHat brings together security researchers and responders from both inside and outside of Microsoft, who come together as peers to exchange ideas, experiences, and best practices, all in the interest of creating a safer and more secure world for everyone..
https://msrc.microsoft.com...
#microsoft
Microsoft
2 months ago
Congratulations to the MSRC 2024 Most Valuable Security Researchers!
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers through discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year's 100 Most Valuable Researchers (MVRs), based on the total number of points earned for each valid report..
https://msrc.microsoft.com...
#microsoft
Microsoft
2 months ago
Microsoft Bounty Program Year in Review: $16.6M in Rewards 
We are excited to announce that this year the Microsoft Bounty Program has awarded $16.6M in bounty awards to 343 security researchers from 55 countries, securing Microsoft customers in partnership with the Microsoft Security Response Center (MSRC). Each year we identify over a thousand potential security issues together, safeguarding our customers from possible threats through the Microsoft Bounty Program..
https://msrc.microsoft.com...
#microsoft
Microsoft
2 months ago
Introducing the MSRC Researcher Resource Center
Microsoft partners with the global security researcher community to surface and report security vulnerabilities to protect all users of Microsoft products and services. Researcher submissions help us address immediate threats while also identifying trends and insights to holistically improve the security of our products and services. We're always looking for ways to build upon this partnership, and with that goal in mind, we are excited to announce the creation of the MSRC Researcher Resource Center..
https://msrc.microsoft.com...
#microsoft
Microsoft
2 months ago
Congratulations to the Top MSRC 2024 Q2 Security Researchers!
Congratulations to all the researchers recognized in this quarter's Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen, Lewis Lee & Ver & Zhiniang Peng, and Wei.
https://msrc.microsoft.com...
#microsoft
Microsoft
3 months ago
Announcing the CVRF API 3.0 upgrade
At the Microsoft Security Response Center, we are committed to continuously improving the security and performance of our services to meet the evolving needs of our customers. We are excited to announce the rollout of the latest version of our Common Vulnerability Reporting (CVRF) API. This update brings improvements in both security and performance, without requiring any changes to your existing invocation methods..
https://msrc.microsoft.com...
#microsoft
Microsoft
3 months ago
What’s new in the MSRC Report Abuse Portal and API
The Microsoft Security Response Center (MSRC) has always been at the forefront of addressing cyber threats, privacy issues, and abuse arising from Microsoft Online Services. Building on our commitment, we have introduced several key updates to the Report Abuse Portal and API, which will significantly improve the way we handle and respond to abuse reports..
https://msrc.microsoft.com...
#microsoft
Microsoft
3 months ago
Toward greater transparency: Unveiling Cloud Service CVEs
Welcome to the second installment in our series on transparency at the Microsoft Security Response Center (MSRC). In this ongoing discussion, we discuss our commitment to provide comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers, communities, and Microsoft, from current and emerging threats to security and privacy..
https://msrc.microsoft.com...
#microsoft
Microsoft
4 months ago
Mitigating SSRF Vulnerabilities Impacting Azure Machine Learning
Summary: On May 9, 2024, Microsoft successfully addressed multiple vulnerabilities within the Azure Machine Learning (AML) service, which were initially discovered by security research firms Wiz and Tenable. These vulnerabilities, which included Server-Side Request Forgeries (SSRF) and a path traversal vulnerability, posed potential risks for information exposure and service disruption via Denial-of-Service (DOS)..
https://msrc.microsoft.com...
#microsoft
Microsoft
4 months ago
Improved Guidance for Azure Network Service Tags
Summary: Microsoft Security Response Center (MSRC) was notified in January 2024 by our industry partner, Tenable Inc., about the potential for cross-tenant access to web resources using the service tags feature. Microsoft acknowledged that Tenable provided a valuable contribution to the Azure community by highlighting that it can be easily misunderstood how to use service tags and their intended purpose..
https://msrc.microsoft.com...
#microsoft
Microsoft
19 yr. ago
Welcome to the BlueHat blog site!
BlueHat 3 just completed last week, and all I can say is WOW. Great speakers. Great presentations. Packed audience. You can read the session abstracts and speaker bios here to see what I'm talking about.
OH I should introduce myself. Where are my manners? I'm Kymberlee Price, a Security Program Manager at Microsoft..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
Bluehat v3 first thoughts
Hi, I'm Brad Sarsfield (bradsa); I'm the SQL guy here. One of the interesting things about me and my team is that I own the slammer component in SQL Server, so by that very nature quite a large part of my job description is to ensure, and I quote, that never ever happens again..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
BlueHat Blog quoted in press
The BlueHat blog has been up less than 24 hours, and it was quoted this morning in an article by Robert McMillan on InfoWorld. That article has already hit . Some of the comments are pretty funny…
I can't wait for the speaker podcasts and channel9 video to go live so people can hear directly from the BlueHat speakers.
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
Podcasts are online!
Caleb Sima: Exploiting Web Applications
Halvar Flake: BinDiff Analysis
HD Moore: How not to deploy ASP.Net applications & Metasploit
Alexander Kornbrust: Database Viruses & Rootkits
Enjoy,
Brad Sarsfield.
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
Exploiting Web Applications
Over the next few days we'll all be writing about the BlueHat sessions! Today I'm excited to have a chance to tell you more about the Exploiting Web Applications presentation made by Caleb Sima, CTO and co-founder of SPI Dynamics at BlueHat 3 on March 9th. Listen to a podcast interview with Caleb here..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
David Litchfield’s BlueHat talk
Brad Sarsfield here again. I'd like to share with you my thoughts on David Litchfield's BlueHatv3 talk. David Litchfield is the Chief Research Scientist at Next Generation Security Software (NGS) and spoke to a 600 standing room only crowd at Bluehat 3 on March 9th. David took us through his thoughts on the current state of the database security world and talked about his current areas and focus of his research..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
Where can you learn more?
The BlueHat team has been getting a lot of questions from both inside and outside of Microsoft asking if we are going to publicly post video or audio recordings of the BlueHat presentations, or if we are going to hoard the BlueHatty goodness and keep the presentation details all to ourselves… A totally valid question since all of our BlueHat presentations from 2005 and 2006 are fantastic and things any developer or IT Pro could benefit from seeing..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
19 yr. ago
BlueHat Hackers?
BlueHat Hackers
There have been some misconceptions recently around both security researchers we bring in for Blue Hat, and security consulting companies that also help us make our products. I've even seen the phrase "Blue hat hackers" thrown around.
While it was terribly flattering and somewhat amusing to the BlueHat team to see the incredibly talented consultants working with us to secure our products referred to as BlueHat Hackers, there really is no such thing..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
18 yr. ago
Channel 9 Bluehat video
You asked for it. You got it. In addition to inviting a number of community members this year we also had channel 9 come to BlueHat and they created a video for your viewing pleasure.
The 39 minute video contains interviews with the presenters talking about their presentations, background and research..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
18 yr. ago
BlueHat v.4 -- shipped!
Sarah Blankinship here. I'm in the Security Technology Unit (STU), a group responsible for product security at Microsoft. One of the STU's charters is securing products we have and have not shipped yet.
So what is BlueHat? A hacker conference? A way to lure unsuspecting researchers to Microsoft?
The . comments and speculation about our real motivation for hosting hackers at Microsoft are ever entertaining, however BlueHat is about providing a consistent forum for presenting cutting-edge research, for understanding issues that affect both Microsoft and the entire industry, and great way to inform and educate our developer population..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
BlueHat v5: The Paradox of Innovation
BlueHat is Microsoft's own little hacker con. We host it twice a year – the sessions today were all about innovation in security research.
What did we learn? That Microsoft cannot solve the security problem, but we can raise the bar substantially to the point where finding bugs in Microsoft products is hard, and building reliable exploits even harder..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
BlueHat: An MSRC Perspective
Hello everyone,
This is Christopher Budd. As Andrew noted in his posting yesterday, on Thursday we had our Spring 2007 BlueHat Security Briefings. I had a chance to attend, along with several of my colleagues from the MSRC and Sarah was kind enough to let me do a guest post to share some thoughts on BlueHat from the standpoint of someone involved in security response..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
BlueHat: Community Outreach
Katie Moussouris here. I'm the newest Security Strategist here at Microsoft. I was brought in by Sarah Blankinship to contribute to the work of the MSRC Security Community Outreach Team. I work in the group that is responsible for securing current and future Microsoft products.
My background is application security, having come from Symantec by way of the @stake acquisition..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
Announcing: BlueHat v6!
Andrew Cushman here.
BlueHat is back in Redmond, as BlueHat v6: The Vuln Behind The Curtain opens September 27th and 28th. Once again we have two days of great security content that covers the spectrum of issues in security. The BlueHat speakers, both leading external security researchers and internal Microsoft engineers, will pierce the security veil of virtualization and process isolation..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
Pay no attention to that vuln behind the curtain
Adam Shostack here, guest blogging for the BlueHat blog.
As you may have seen from Andrew Cushman's post, the theme of this BlueHat is "The Vuln Behind the Curtain." I really like this theme, because it's part of a maturing in the way we're dealing with security issues. I'm not going to claim Microsoft is perfect, but we're doing a pretty good job at pushing downwards the number of vulnerabilities and updates our customers need to deal with..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
Microsoft, Mobile, and Security
Ollie Whitehouse
Architect, Advanced Threat Research, Symantec Corporation
So if you had told me that one day I would be invited to Microsoft to talk about a subject I've now been involved in researching on and off for over six years and something I must say that has burned in my belly with passion for most of it, I would have said unlikely..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
BlueHat: Malware, Isolation and Security Boundaries: It’s Harder than it Looks
Mark Russinovich here from BlueHat.
This is the first time that Microsoft has used internal speakers at its BlueHat security conference and I'm excited to be one of them. When I was approached with the invitation to present a session, I immediately thought of all the fun topics I'd like to talk about..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
Vista and Vigilance
Halvar Flake, Sabre Security
I have been told that I can write a blog entry for the BlueHat blog, with little or no editing, and now I sit here and have to make up something interesting to write about. I have a bit of a writer's block today, caused by being tired, jetlagged, and already halfways on my way to the airport for my flight back..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
The new security disclosure landscape
Rain Forest Puppy (rfp@wiretrip.net)
Security disclosure has always been a contested topic, pitting those that find the bugs against those that are responsible for the bugs. In the days before security disclosure became a formal topic, those people who gave credence to some sort of moral compass often sought to follow a gentleman's code that typically involved an earnest attempt to disclose the problem to the vendor and give the vendor a chance to fix it..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat
Microsoft
17 yr. ago
BlueHat, Day 2: Morning of Mobile, Afternoon of Cool Tools
Hello world! Katie Moussouris here at BlueHat. Yesterday's talks certainly set the bar high. We saw topics range from Mark Russinovich's clarification of security boundaries to Halvar Flake's automated malware classification to Roberto Preatoni's discussion of his exploit marketplace project, better known as WabiSabiLabi.
I spent the day recording audio podcasts with each of our BlueHat speakers, getting a brief inside look at each fascinating topic (look for these in the near future on the technet website)..
https://msrc.microsoft.com...
#microsoft #microsoft_bluehat