Microsoft Dons New Hat
Microsofts windows Vista has a date with some of the worlds smartest hackers. The software maker will use the spotlight of the Black Hat security conference Aug. 2-3 in Las Vegas to show off some of the key security features and functionality being fitted into Vista.Microsoft Program Manager Stephen Toulouse said the idea is to provide "deeply technical presentations" on Vista security to the hacking community. "We submitted several presentations to the Black Hat event organizers, and, based on the technical merit and interest to the audience, they were accepted," said Toulouse in Redmond, Wash. The daylong track will include five presentations from Microsoft security engineers, and Toulouse said researchers and architects from Redmond will also be actively participating in the event. "We want to make sure were gathering as much feedback as we can so that Windows Vista succeeds as the most secure version of Windows ever released," he said. The presentations will include a talk by John Lambert, group manager in Microsofts Security Engineering and Communications group, on the security engineering process behind Vista. Lambert is expected to hold up Vista as the first end-to-end major operating system release in Microsofts Trustworthy Computing era. His talk will cover how the Vista engineering process differs from Windows XPs and details from what has been described as the "largest commercial pen test in the world." Lambert plans to give Black Hat researchers a sneak peek at some of the new mitigations in Vista that combat memory overwrite vulnerabilities. Wi-Fi in Vista will also come under the microscope when Noel Anderson, group manager in Microsofts Wireless Networking group, talks about the way the operating system will handle support for 802.11 wireless technologies. Anderson is expected to outline the new UI (user interface) experience and updated Wi-Fi default behaviors in Vista as well as information on a new software stack that is designed to be more secure, more open and more extensible. He is expected to describe the various components of the stack and show developers how to create code to modify and extend the client. Also on the agenda is a talk by Abolade Gbadegesin, an architect in Microsofts Windows Networking and Device Technologies division, on the way Microsoft redesigned and rewrote the TCP/IP stack in Vista. Adrian Marinescu, a lead developer in the Windows Kernel group, will outline the enhancements made in Vistas heap manager to show how the operating system has been hardened to thwart certain types of heap usage attacks. Microsoft previously fitted technology into Windows Server 2003 and Windows XP Service Pack 2 to reduce the reliability of heap usage attacks, but Marinescu plans to talk about how the heap manager in Vista pushes the innovation much further in that area. His talk will describe the challenges the company faced and the technical details of the changes coming in Vista. Microsofts often-criticized Internet Explorer browser will also get Black Hat billing this year when Microsoft IE Program Manager Tony Chor discusses the security engineering methodology that is being applied to the new IE 7. Also slated to speak is Andrew Cushman, director of Microsofts Security Response, Engineering and Outreach team, about the way the company has changed its internal processes to deal with the changing security landscape. Microsoft wont be alone shining the spotlight on Vistas security. Joanna Rutkowska, a renowned researcher specializing in rootkits, plans to talk about the stealthy malware threats that still can be inserted into the latest Vista Beta 2 kernel (x64 Edition).
Microsofts appearance on the Black Hat stage is a first on many fronts. Microsoft will be the first software vendor to present an entire Black Hat Briefing track on a prerelease product. It is also the first time a Microsoft representative will make an official presentation at the controversial hacker conference.