Want CNET to notify you of price drops and the latest stories?

Microsoft Blue Hat starts on Thursday

Dan Kaminsky and others will make presentations to Microsoft employees at the company's eighth Blue Hat security conference.

Robert Vamosi Former Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
Robert Vamosi

Microsoft's eighth Blue Hat conference will take place on Thursday and Friday at the software giant's Redmond, Wash., campus. Entitled "C3P0wned," the invitation-only conference features two full days of sessions.

Day one features a select group of security researchers, with team members from Microsoft Security Development Lifecycle (SDL) presenting on the second day. It is an opportunity for Microsoft engineers to hear first hand from leading security researchers. The last Blue Hat conference was held in April.

Of interest on day one is a talk by Dan Kaminsky, director of penetration testing at IO Active, who will provide additional details on the DNS flaw he disclosed earlier this year. Other talks will touch on crimeware, profiling using the Internet, cascading style sheet (CSS) injections, visualizing software security, and how to use code characteristics to find security bugs.

Day two kicks off with a keynote from Scott Charney, corporate vice president of Trustworthy Computing. Other sessions that day include talks about threat modeling, "fuzzing," concurrency attacks on Web applications, analyzing threats before writing code, and how Microsoft mitigations currently work. Microsoft's Trustworthy Computing group will be heavily represented, with department members heading up several of those talks and panel discussions.

The complete Blue Hat schedule is posted here, and Microsoft has a related blog here.