As such, don't expect to find any betting parlors offering action on who will earn Microsoft's inaugural, but coveted, BlueHat Prize. Three finalists remain, whittled down by judges from an original pool of 20. The winner pockets a cool $200,000. Second-place brings home $50,000, while third-place earns $10,000. The victor will be announced Thursday night at Microsoft's annually hotly attended Researcher Appreciation Party.
But let's pretend we lived in a world where Vegas cared about the outcome of the competition, and you were allowed to wager on it. Well, then the odds on researcher Ivan Fratric winning the competition would have increased significantly Wednesday upon news that Microsoft is working Fratric's findings into its Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview. It's a free framework that helps to block memory-based exploits enabled by both known and unknown vulnerabilities.From a press release:
Fratric, who earned a Ph.D. in computer science and is a researcher at the University of Zagreb located in Zagreb, Croatia, submitted a unique solution called ROPGuard, which hinders attacks that leverage ROP. ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. ROPGuard defines a set of checks that can be used to detect when certain functions are being called in the context of malicious ROP code and can help protect against attacks exploiting memory safety vulnerabilities.
Based on the news, it would seem like Fratric is a sure thing to be crowned BlueHat champ. But, not so fast. Mike Reavey, senior director of the Microsoft Security Response Center, told SCMagazine.com on Monday that Fratric's research allowed for relative quick integration with EMET. (Remember, the contest only closed for entries on April 1).
But that doesn't mean the ideas of the two others in the running -- Jared DeMott,a principal security researcher at Harris Corp. and Vasilis Pappas, a Ph.D. student at Columbia University in New York -- won't be
used in some other way, and perhaps prove more significant to Microsoft's goal
of defending against memory corruption vulnerabilities, like buffer overflows.
So, who's your money on?