Microsoft hacker summit tackles security veil of virtualization
At Blue Hat v6, scheduled for September 27-28 in Redmond, external security researchers and internal Microsoft software engineers are expected to extend the debate over the risks of virtualization.
Researchers are divided over whether hypervisor rootkits presents a realistic threat. Joanna Rutkowska, for example, claims that malware can be made "100% undetectable" but, at this year's Black Hat Briefings, a group of her peers openly challenged that assertion, insisting that virtual machine rootkits are rather easy to detect.
Microsoft has a vested stake in the virtualization/security debate. Earlier this year, the company canceled plans to tweak Windows Vista's licensing around virtualization, citing potential security risks. Redmond's explanation was that "security researchers have shown hardware virtualization technology to be exploitable by malware" and claimed Vista required an advanced level of know-how to thwart such virtualization exploits.
[ SEE: Let users virtualize Vista because hypervisor rootkits are no threat ]
According to Microsoft's Andrew Cushman, the sixth edition of Blue Hat will also include talks on Windows Mobile and automated exploit creation using HD Moore's Metasploit hacking tool.
There will also be a talk on a DNS pinning design issue that demonstrates how Internet Explorer can turn into a VPN concentrator and presentations on Microsoft Office, Binary Instrumentation, Visualization and the Economics of Security.
The full speaker and topic list is not yet available. The agenda and speaker list has slipped out. It features several regulars on the infosec conference circuit, including IOActive's Dan Kaminsky, Roberto Preatoni from the WabiSabiLabi vulnerability auction site, Mark Russinovich, Leviathan's Matt Miller, Sourcefire's Lurene 'Pusscat' Grenier and Jeff Forristal of SPI Dynamics.
* Image via Hugh McLeod's gapingvoid.com.