Dan Kaminsky and others will make presentations to Microsoft employees at the company's eighth Blue Hat security conference.
Microsoft's eighth Blue Hat conference will take place on Thursday and Friday at the software giant's Redmond, Wash., campus. Entitled "C3P0wned," the invitation-only conference features two full days of sessions.
Day one features a select group of security researchers, with team members from Microsoft Security Development Lifecycle (SDL) presenting on the second day. It is an opportunity for Microsoft engineers to hear first hand from leading security researchers. The last Blue Hat conference was held in April.
Of interest on day one is a talk by Dan Kaminsky, director of penetration testing at IO Active, who will provide additional details on the DNS flaw he disclosed earlier this year. Other talks will touch on crimeware, profiling using the Internet, cascading style sheet (CSS) injections, visualizing software security, and how to use code characteristics to find security bugs.
Day two kicks off with a keynote from Scott Charney, corporate vice president of Trustworthy Computing. Other sessions that day include talks about threat modeling, "fuzzing," concurrency attacks on Web applications, analyzing threats before writing code, and how Microsoft mitigations currently work. Microsoft's Trustworthy Computing group will be heavily represented, with department members heading up several of those talks and panel discussions.
The complete Blue Hat schedule is posted here, and Microsoft has a related blog here.