Topics: Security

Microsoft Snags Another Security Researcher

Posted by George Hulme, Aug 18, 2008 04:43 PM

There was a time when it seemed Microsoft viewed security researchers as the enemy, and a big public relations problem. They were the troublemakers who poked holes in Microsoft's operating systems, browser, and desktop software. And they published exploits that helped to automate attacks. Today, Microsoft announced that it hired one of them.

Security expert Matt Miller has probably sent the phone lines ablaze at Redmond a number of times in the past few years. He's also known in security circles as Skape, and has been one of the primary developers of the pentesting/attack tool Metasploit.

Today, Microsoft's Secure Development Lifecycle evangelist Michael Howard announced on his Microsoft blog that Miller would be joining the Security Science team:

Good news! Matt Miller, author of plenty of cutting-edge security research, including my fave "A Brief History of Exploitation Techniques and Mitigations on Windows" has joined the Security Science team to work on improved ways to find security vulnerabilities and better software defenses through mitigations. Most recently, Matt's been focused on design review for Windows 7.

A set of eyes like Miller's can only help reduce the number of attack vectors and vulnerabilities in Windows 7. Here's a rundown on some of his recent presentations:

WOOT: 2008: Modeling the trust boundaries created by securable objects
ToorCon: 2008: State of the Exploit

Breakpoint: A Brief History of Exploitation Techniques and Mitigations on Windows

ToorCon 2007: Cthulhu: A software analysis framework built on Phoenix

ToorCon 2005: Exploitation Chronomancy

BlackHat 2005: Beyond EIP

In addition to Metasploit, Miller's software work includes Address Space Layout Randomization tool wehntrust, x64 PE file analyzer x64auto, winstrace for tracking system calls, and memgreg -- a dynamic memory analysis tool for FreeBSD and Linux.

More information on Miller can be found here.

« Are White Spaces The Mobile Internet's White Knight? | Main | Kentico Offers Free Version Of Its ASP.NET-Powered CMS »

This is a public forum. United Business Media and its affiliates are not responsible for and do not control what is posted herein. United Business Media makes no warranties or guarantees concerning any advice dispensed by its staff members or readers.

Community standards in this comment area do not permit hate language, excessive profanity, or other patently offensive language. Please be aware that all information posted to this comment area becomes the property of United Business Media LLC and may be edited and republished in print or electronic format as outlined in United Business Media's Terms of Service.

Important Note: This comment area is NOT intended for commercial messages or solicitations of business.

Blog Categories
Healthcare Cloud Computing Enterprise 2.0 Digital Life Grok On Google Over The Air Outsourcing Global CIO Startup City Information Management Content Management Green Computing Full Nelson Unified Communications	Government IT Analytics Tech Stocks Interop Security Microsoft Apple Unvarnished Open Source Wolfe's Den David Berlind's Tech Radar Virtualization Storage Backup and Business Continuity Blog Homepage

Multicore Programming Blog

Join The InformationWeek Group On LinkedIn

InformationWeek

Business Innovation Powered By Technology

Microsoft Snags Another Security Researcher