Microsoft BlueHat Fall 2006

October 29, 2006 at 12:01 am | Posted in Microsoft, Software | 2 Comments

Last week I got to attend the Fall 2006 Microsoft BlueHat conference. For those that don’t know what this is, it is a conference that is similar to BlackHat. Basically hackers (in the true sense of the word) show up and discuss various security related things. It is a Microsoft-only employee conference (I guess another perk of working here :P).

One talk I attended was titled Skype High. This talk was given by two engineers and it was basically a discussion of the different protection mechanisms that Skype has. They use some pretty advanced tools and techniques, but these two engineers managed to reverse engineer most of them, and actually found some weaknesses (some of which they couldn’t even tell us about…which makes you wonder). It’s also very interesting to know the lengths that Skype has gone to, to obfuscate its code and network layer to prevent other people from interoperating and/or learning how everything works. I am amazed at these two engineers capabilities 🙂

Another talk I attended was Blue Mist which discussed wireless driver vulnerabilities and hardware virtualization root kits. Again, another eye opener at the way hackers operate and weaknesses that are inherent in various technologies. One lesson to learn regarding wireless drivers is that usually hardware vendors are not really interested in writing really secure drivers and are in fact quite sloppy at it. It is also interesting to know how dangerous hardware virtualization root kits are and also how difficult it is to actually defend against them.

Another thing which maybe a lot of people don’t see and which Microsoft has had a bad reputation for is Security. Some people think Microsoft just doesn’t care about security and is very weak when it comes to this regard. This is far from the truth. One of Microsoft’s top priorities (above almost everything else I believe) is security. I was strongly encouraged to attend this conference. I also have already had one Security talk as part of my initial training, given by Michael Howard (one of the authors of Writing Secure Code). I also have another one lined up soon. Upon entering my team as well, we got two books. One was Microsoft Windows Internals and the other one was Writing Secure Code. These were in a sense, our bibles. Also, I’ve gotten to hear of and see some of the security features and enhancements that are coming out in Windows Vista and they show a really strong commitment to providing customers with robust, secure operating system by default. Is it perfect? No. It isn’t. Nothing is perfect. After all, the developers are only human. Plus, if it was perfect, there would probably be no need for a Windows Serviceability team which would put me out of a job 🙂

Just thought I’d share some of what I’ve been up to during this past week.

Advertisements

2 Comments

  1. Hey Ali,
    Love your blog keep it up and try to post us some more!!!!

  2. I wish I knew who you were 🙂

    But anyway, I know I am quite slow with updating my blog sometimes, but when I get back from work I usually prefer to spend time with my wife. So there is little time to blog.

    Then the weekend comes and I have so many chores and I also wanna go out and have some fun 🙂

    But I will do my best though!

    Thanks for reading though and the kind comments.


Sorry, the comment form is closed at this time.

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: