Architecture, Network security, Strategy, Vulnerability management

Always bet on blue

July 25, 2012
Vegas law prohibits sports books from offering odds on anything that can't be settled on a playing field. That's why you can walk up to a teller and bet $50 that the Dodgers will win tonight, but when it comes to Obama versus Romney, your money is no good here.

As such, don't expect to find any betting parlors offering action on who will earn Microsoft's inaugural, but coveted, BlueHat Prize. Three finalists remain, whittled down by judges from an original pool of 20. The winner pockets a cool $200,000. Second place brings home $50,000, while third place earns $10,000. The victor will be announced Thursday night at Microsoft's hotly attended annual Researcher Appreciation Party.

But let's pretend we lived in a world where Vegas cared about the outcome of the competition, and you were allowed to wager on it. Well, then the odds on researcher Ivan Fratric winning the competition would have increased significantly Wednesday upon news that Microsoft is working Fratric's findings into its Enhanced Mitigation Experience Toolkit (EMET) 3.5 Technology Preview. It's a free framework that helps to block memory-based exploits enabled by both known and unknown vulnerabilities.

From a press release:
Fratric, who earned a Ph.D. in computer science and is a researcher at the University of Zagreb located in Zagreb, Croatia, submitted a unique solution called ROPGuard, which hinders attacks that leverage ROP. ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose. ROPGuard defines a set of checks that can be used to detect when certain functions are being called in the context of malicious ROP code and can help protect against attacks exploiting memory safety vulnerabilities.

Based on the news, it would seem like Fratric is a sure thing to be crowned BlueHat champ. But, not so fast. Mike Reavey, senior director of the Microsoft Security Response Center, told SCMagazine.com on Monday that Fratric's research allowed for relatively quick integration with EMET. (Remember, the contest only closed for entries on April 1.)

But that doesn't mean the ideas of the two others in the running -- Jared DeMott, a principal security researcher at Harris Corp., and Vasilis Pappas, a Ph.D. student at Columbia University in New York -- won't be used in some other way, and perhaps prove more significant to Microsoft's goal of defending against memory corruption vulnerabilities, like buffer overflows.

So, who's your money on?
