April 30, 2008 11:24 AM PDT

Microsoft's Blue Hat talks start Thursday

by Robert Vamosi

On Thursday and Friday, Microsoft will once again gather select security researchers in Redmond, Wash., for its seventh annual Blue Hat talks.

The conference, by invitation only, has gained a reputation for providing Microsoft engineers with a first-hand opportunity to hear from and question leading security researchers. There will be an executive event on Thursday, with general sessions on Friday. Microsoft has more on the Blue Hat schedule here, and a blog here.

Among those invited to present is Cesar Cerrudo, of Argeniss, who will update his Hack In The Box talk on Token Kidnapping. Cerrudo defines an access token as "an object that describes the security context of a process or thread," which includes the identity and privileges of the user account. He will show, according to Microsoft, "how it's possible in Windows XP and Windows Server 2003 to elevate privileges to Local System from any process that has impersonation rights."

What's interesting is that Microsoft issued a pre-patch advisory shortly after Cerrudo's April 17 Hack In The Box talk. CVE-2008-1436 states that "Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the NetworkService and LocalService accounts, which might allow context-dependent attackers to gain privileges...related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services." Look for a Microsoft patch announcement regarding this in May.
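Since the advisory turns on which accounts hold the SeImpersonatePrivilege user right, an administrator's first question is "who has it on this box, and what services run as NetworkService or LocalService?" The script below is an added example written for this page, not code from Microsoft, Cerrudo or CNET. It assumes it is run from an elevated PowerShell prompt on Windows, where the built-in secedit.exe can export the local user-rights policy; the temporary file name and the output formatting are the author's choices.

```powershell
# Added example (not from the article): audit holders of SeImpersonatePrivilege
# and list services running as the two accounts named in CVE-2008-1436.
# Assumes an elevated PowerShell session on Windows with secedit.exe available.

$tmp = Join-Path $env:TEMP 'user-rights-audit.inf'   # temp file name is our choice

# Export only the "User Rights Assignment" area of the local security policy.
secedit.exe /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null

# The exported INI has a [Privilege Rights] section with lines such as
#   SeImpersonatePrivilege = *S-1-5-6,*S-1-5-19,*S-1-5-20,*S-1-5-32-544
# where a leading '*' marks a SID rather than an account name.
$line = Get-Content $tmp | Where-Object { $_ -match '^SeImpersonatePrivilege\s*=' }
Remove-Item $tmp -ErrorAction SilentlyContinue

Write-Output '== Principals holding SeImpersonatePrivilege =='
if (-not $line) {
    Write-Output '(none assigned)'
} else {
    $holders = ($line -split '=', 2)[1].Trim() -split ','
    foreach ($h in $holders) {
        $h = $h.Trim()
        if ($h.StartsWith('*')) {
            # Resolve the SID to a friendly account name where possible.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($h.Substring(1))
            try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = '(unresolved SID)' }
            '{0,-40} {1}' -f $name, $sid.Value
        } else {
            $h
        }
    }
}

# Services that run under the two accounts the advisory singles out. Each of
# these is a process whose token context the patch is meant to keep isolated.
Write-Output ''
Write-Output '== Services running as NetworkService or LocalService =='
Get-WmiObject Win32_Service |
    Where-Object { $_.StartName -match 'NetworkService|LocalService' } |
    Select-Object Name, StartName, State |
    Format-Table -AutoSize
```

Run it before and after applying the May patch (or any hardening of the User Rights Assignment policy) and diff the two listings; an unexpected custom account in the first list, or a third-party service in the second, is what warrants a closer look.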

Other presentations at Blue Hat worth noting are Alex "Kuza55" K. of Sift on "Web Browsers and Other Mistakes"; Manuel Caballero and Fukami on "A Resident in My Domain, plus, Unweaving Silverlight from Flash"; SoWhat of Nevis Labs on "Attacking Antivirus"; and Billy Rios and Nitesh Dhanjani will reprise their Black Hat D.C. talk, "Bad Sushi: Beating Phishers at Their Own Game."

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
Executive Event?
by Vegaman_Dan April 30, 2008 5:33 PM PDT
I certainly hope this was a mistake in the article. An executive event where the execs of companies get together is typically more of a junket / vacation than a productive workshop.

I'd much rather see researchers and developers get together and hash out some ideas than a Q&A session with execs who really don't know much about the nuts and bolts issues.

Unfortunately, developers and such don't get invited to such things and kept in the prison cells hammering out code with little air or light (but free soda).
RE: Executive Event?
by mini2mac May 1, 2008 3:19 AM PDT
Just goes to show how little you know about Microsoft's work environment. Blue Hat talks are open to developers. The talks are held in some of the largest conference rooms on the Redmond campus, holding more than 1000 people. Most of the attendees are indeed developers.
All developers at Microsoft have to take security training every year. Attending Blue Hat counts towards that. So yes, Microsoft encourages developers to attend.