Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit...

What makes a good Microsoft Defense Bounty submission?

One of Microsoft’s longstanding strategies toward improving software security continues to involve investing in defensive technologies that make it difficult and costly for attackers to exploit vulnerabilities. These solutions generally have a broad and long lasting impact on software security...

CALL FOR PAPERS - The Hackers Conference 2013

The call for papers for The Hackers Conference 2013 is now open. THC2013 is a hacker conference taking place in New Delhi, India on August 25th, 2013. The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cybe...

CALL FOR PAPERS - The Hackers Conference 2013

The call for papers for The Hackers Conference 2013 is now open. THC2013 is a hacker conference taking place in New Delhi, India on August 25th, 2013. The Hackers Conference is an unique event, where the best of minds in the hacking world, leaders in the information security industry and the cybe...

Vasillis Pappas Wins $200,000 Microsoft Blue Hat Prize

LAS VEGAS–Microsoft on Thursday handed out three rather large checks to a trio of security researchers, the largest one–$200,000–going to Vasillis Pappas who won the company’s first Blue Hat Prize competition for defensive technologies. Pappas’s kBouncer ROP mitigation technology edged out...

Microsoft Reveals Blue Hat Prize Finalists

Microsoft has announced the three finalists for its $200,000 Blue Hat Prize contest and all three of the researchers in the running for the win submitted technologies designed to defeat ROP return-oriented programming exploits. Each of the entrants takes a different tack with his ROP defense and ...

How Offensive Research Drives Down the Cost of Attacks

CANCUN–The offensive security research community has evolved in the last decade or so from a relatively small and insular group inwardly focused, to a large and rather vocal group with a wide variety of motives, opinions and skill levels. But, to hear Brad Arkin of Adobe tell it, the huge amount ...

Rethinking Black Hat: Building, Rather Than Breaking, Security

No doubt breaking things is fun. I remember back when I was 10 years old when I took apart a squirrel cage fan, flipped some wires and so forth, and then attempted to plug it back in. Good thing my mom stopped me seconds before I was about to get a literal jolt of reality. These days, I still kee...

Incident Response and Recovery May Be the Best Defense

By B.K. DeLong The ever increasing list of breaches appearing on the Open Security Foundation’s DataLossDB Web site as well as companies being targeted by the AntiSec movement made up of groups including recently-raided Anonymous, AnonOps, TeaMp0isoN, and now-dormant LulzSec continues to show tha...

NSA Document Sheds Light on Honeynets

A 605-page NSA document from 2004 reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. There is a key section on deception technologies that discusses the use of honeynet...