Microsoft in March held a two-day summit called “Blue Hat”, where it invited hackers to meet with the security researchers who work to protect Windows, according to C|Net. While the article does not mention any specific criminal hackers, it does say that Jim Allchin, the guy in charge of the Windows product group was there, as well as Stephen Toulouse, a program manager in Microsoft’s security unit, Matt Thomlinson, Microsoft’s director of security engineering, Dan Kaminsky, who does research for limitations in hashing algorithms and file transfers, and HD Moore, creator of the intrusion program Metasploit. These events can go a long way towards making Windows and the internet through it safe again, so hopefully Microsoft will hold more of these.
Within minutes after their meeting was convened, however, the hall became hushed. Hackers had successfully lured a Windows laptop onto a malicious wireless network.
The event, which Microsoft has not publicized, was dubbed “Blue Hat”–a reference to the widely known “Black Hat” security conference, tweaked to reflect Microsoft’s corporate color.
… “It is rare that I can present to the people who are both responsible for and capable of fixing the issues that I cover,” security researcher HD Moore said,
… As a result, Anderson and his team walked away with some concrete ideas on how to make sure future versions of Windows are more resilient to wireless attacks. He also left the room with a new respect for the hackers behind the demonstration.
“It’s not just a bunch of disaffected teenagers sitting in their mom’s basement,” he said. “These are professionals that are thinking about these issues.”
… At one point, researcher Matt Conover was talking about a fairly obscure type of problem called a “heap overflow.” When he asked the crowd, made up mostly of vice presidents, whether they knew about this type of issue, 18 of 20 hands went up.
“I doubt that there is another large company on this planet that has that level of technical competency in management roles,” Moore said.