Mike Reavey, the senior director of Microsoft's Security Response Center, explained that the BlueHat contest process was a big win for Microsoft. "In less than a year, we were able to solicit for ideas, receive them, implement them, and get them to customers," he said during a phone call with CNET last week.
The new version of EMET, as the tool is known, will soon ship with Return Oriented Programming (ROP) defenses "inspired" by the work of BlueHat finalist Ivan Fratric, Microsoft said in a press release announcing the tool upgrade. "ROP is an advanced technique that attackers use to combine short pieces of benign code, already present in a system, for a malicious purpose," Microsoft explained.
The EMET 3.5 Technology Preview is available for download now with Fratric's ROP defenses incorporated. His entry to the BlueHat contest was a tool called ROPGuard which makes a set of checks against ROP-style attacks, and then can help block those attacks.
A Croatian researcher at the University of Zagreb, with a PhD in computer science, the adoption of Fratric's results have not been named the winner of the BlueHat contest, which comes with a $200,000 first prize and a $50,000 second prize. "All (the contestants) went after ROP. All the major exploits in recent history are ROP-based," said Reavey, noting the Pwn2Own 2012 exploit as being based in ROP. "It's difficult to mitigate against [ROP] because it's repurposing code for bad things that normally can be used for good things."
The name "BlueHat" is a reference to the Black Hat conference and Microsoft's corporate color of choice. It was first coined in 2005, as a somewhat-secretive, Redmond-based, Microsoft-sponsored hackathon for independent security researchers.
by Seth Rosenblatt July 25, 2012 12:30 AM PDT
No comments:
Post a Comment