Security Watch

Keeping track of patches and hacks in the IT security world.

Microsoft Once More Invites Hackers to Tear It Apart

Microsoft once again invited hackers to its home and laid out its wares to be stomped on at its fifth Blue Hat security conference, which ran May 9-10.

The Blue Hat conferences are meant to get Microsoft executives and engineers from across the company to sit down with the members of the security research community who best know how to demolish their work.

This year, among other sessions, those staffers were treated to a lesson in how to break—and break into—their security tools, given by Errata Security's Dave Maynor and Robert Graham. The session, according to the conference agenda, covered the techniques coded into viruses to enable them to remove signatures designed to stop them dead in their tracks, among other things.

Andrew Cushman, the new director of the Microsoft Security Resource Center, wrote in the MSRC's blog that the purpose of the conference is twofold: one, to expose Microsoft to real-world threats, attack tools and attack methodologies.

"Take the security threat from the theoretical/intellectual level of, 'I understand what a buffer overflow is,' to 'OMG that's what it's like.' ... You can read about security issues and still be somewhat detached, but when someone breaks your product in front of a few hundred peers—that's a real catalyst for change," he wrote.

The other purpose is to expose the security community to Microsoft, he wrote.

"In the past there's been the perception that MS doesn't 'get' security and that we don't really care about security or customer protection. BlueHat gives us a chance to open up on our home turf and gives the researchers an opportunity to interact with all levels of the organization. They too get to experience first-hand that Microsoft does have smart, passionate engineers that do care about security."