On mySimon: The North Face Mountain Sneakers for Men
BNET Business Network:
BNET
TechRepublic
ZDNet

March 25th, 2009

Microsoft adds 'Skywing' to Windows defense team

Posted by Ryan Naraine @ 11:57 am

Categories: Arbitrary Code Execution, Complex Attacks, Data theft, Exploit code, Hackers, Hirings and firings, Kernel-level Exploits, Metasploit, Microsoft, Patch Watch, Pen testing, Punditocracy, Research, Responsible disclosure, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Team, Microsoft Corp., Defense, Shostack, Microsoft Windows, Operating Systems, Security, Software, Ryan Naraine

Ken ‘Skywing’ Johnson, a well-known hacker famous for his work on bypassing several Windows anti-exploitation mechanisms, has joined the software maker to help make it harder to compromise the operating system.

Johnson, who teamed up with another recent Microsoft hire — Matt ‘Skape’ Miller — on several Uninformed Journal articles on breaking into the Windows OS, will be working on “everything related to vulnerabilities, exploits, defenses [and] bypassing defenses,” according to Microsoft’s Michael Howard.

[ SEE: From Metasploit to Microsoft: Skape goes to Redmond ]

This isn’t Redmond’s first dip into the attack-focused hacker pool for talent.  As Dennis Fisher points out, the recruiting essentially began about three years ago when Adam Shostack joined Microsoft. Shostack is a well-known security and privacy expert and had spent years in start-ups and smaller organizations and was not afraid to be critical of Microsoft’s policies.

Last year, the company also hired Linux security guru Crispin Cowan to fix the UAC mess and snapped up Metasploit developer Matt Miller to work on improved ways to find security vulnerabilities and better software defenses through mitigations.

  • Given the emphasis that Microsoft has placed on anti-exploitation and memory protection in its most recent releases, including Vista and Internet Explorer 8, it stands to reason that the company will continue to bring in more of the people who have done work on the other side of that fence. There’s no defense like a good offense.

Here’s a sample of Skywing’s research:

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 5 Talkback(s)
so M$ steals Linux code to fix their UAC by hiring Linux programmers. ok.
smooth move.
but still theft.

happy

.

... (Read the rest)
Posted by: wessonjoe Posted on: 03/27/09 You are currently: a Guest | | Terms of Use
Maybe Apple will actually hire the person  GuidingLight | 03/25/09
Maybe Apple will actually hire the person  SamYeager | 03/25/09
They are ending support for XP  chrome_slinky@... | 03/25/09
Right... I for one like Macs & Linux instead  LBiege | 03/26/09
so M$ steals Linux code to fix their UAC by hiring Linux programmers. ok.  wessonjoe | 03/27/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Enterprise Applications

  • Check out some of the easiest and most powerful ways to boost productivity while saving money on your application infrastructure. See ZDNet's comprehensive Enterprise Application resource center, now!
  • New Online Dashboard
  • Read about top issues IT decision-makers face every day, plus get cost effective solutions to real life IT problems. Oracle Topline