Microsoft hacker summit tackles security veil of virtualization

Summary:The Fall edition of Microsoft's Blue Hat hacker summit will kick off next week with a heavy focus on piercing the security veil of virtualization and process isolation.

Microsoft hacker summit tackles security veil of virtualization
The Fall edition of Microsoft's Blue Hat hacker summit will kick off next week with a heavy focus on piercing the security veil of virtualization and process isolation.

At Blue Hat v6, scheduled for September 27-28 in Redmond, external security researchers and internal Microsoft software engineers are expected to extend the debate over the risks of virtualization.

Researchers are divided over whether hypervisor rootkits presents a realistic threat. Joanna Rutkowska, for example, claims that malware can be made "100% undetectable" but, at this year's Black Hat Briefings, a group of her peers openly challenged that assertion, insisting that virtual machine rootkits are rather easy to detect.

Microsoft has a vested stake in the virtualization/security debate. Earlier this year, the company canceled plans to tweak Windows Vista's licensing around virtualization, citing potential security risks. Redmond's explanation was that "security researchers have shown hardware virtualization technology to be exploitable by malware" and claimed Vista required an advanced level of know-how to thwart such virtualization exploits.

[ SEE: Let users virtualize Vista because hypervisor rootkits are no threat ]

According to Microsoft's Andrew Cushman, the sixth edition of Blue Hat will also include talks on Windows Mobile and automated exploit creation using HD Moore's Metasploit hacking tool.

There will also be a talk on a DNS pinning design issue that demonstrates how Internet Explorer can turn into a VPN concentrator and presentations on Microsoft Office, Binary Instrumentation, Visualization and the Economics of Security.

The full speaker and topic list is not yet available.  The agenda and speaker list has slipped out. It features several regulars on the infosec conference circuit, including IOActive's Dan Kaminsky, Roberto Preatoni from the WabiSabiLabi vulnerability auction siteMark Russinovich, Leviathan's Matt Miller, Sourcefire's Lurene 'Pusscat' Grenier and Jeff Forristal of SPI Dynamics.

* Image via Hugh McLeod's gapingvoid.com.

Topics: Storage, CXO, Hardware, Microsoft, Security, Virtualization

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.