Microsoft to Publish Blue Hat Findings
An anonymous reader wrote to mention an InfoWorld article about Microsoft's plan to publish some of the findings from last week's Blue Hat conference. From the article: "'Everything was fair game,' wrote SQL Server engineer Brad Sarsfield in a blog posting. 'Hearing senior executives say things like: 'I want the people responsible for those features in my office early next week; I want to get to the bottom of this' was at least one measure of success from my point of view for the event.' The Blue Hat name is a play on the Black Hat conferences, which have occasionally been criticized by IT vendors. The 'Blue' part comes from the color of badges that Microsoft staffers wear on campus." They have descriptions of some of the sessions up on the site for your perusal.
I believe Microsoft DOES support 3DES on SSL. My "FIPS 140-1" configurations require it. Look for this key in your Windows registry - if you have this key, your SSL does 3DES:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ciphers\Triple DES 168/168
They bought it from Xerox, but they were unhappy with the terms of the contract seeing what Apple did with it.
This is why Apple won in court against Xerox. It is an urban legend that Apple stole it from Xerox.
Menzoberranzan Networks
Well, not really. Apple gave Xerox stock in exchange for allowing the devs to see what was going on at PARC with the express understanding that Apple was attempting to create a UI. Xerox didn't expect Apple to completely rip off their work (which was stupid) and they later sued Apple for that fact. This is almost exactly what MS did to Apple.
Also, Apple didn't win in court. When Apple sued MS for theft Xerox sued Apple for the same thing. Once Apple lost the suit against MS they simply settled out of court w/ Xerox.
Can't speak for SSL, but SQL Server 2005 has AES, RC4 (128 bit), RSA, and Triple DES built in for its internal encryption possibilities.
Yeah, Microsoft finally added AES to its core crypto stuff back in 2003 (I think), but for some odd reason they didn't extend support into the areas that would have used it most: SSL for IIS and SSL for IE. (Dunno if Outlook Express would have used it...probably.)
If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...