During the Black Hat conference in Las Vegas this week, Microsoft plans to provide a progress report on the security initiatives that it launched last summer, as well as release new security tools to better equip IT professionals and security researchers.
"There's a race between attackers and defenders, and if we want to win, we have to share information," said Mike Reavey, director of the Microsoft Security Response Center.
One way the software maker plans to do this is by releasing the Microsoft Office Visualization Tool, a utility which provides a graphical overview of the Office binary file format. According to Microsoft, the software will make it easier for programmers to understand how attacks target Office files, noting that most malware attacks application vulnerabilities and not the OS itself.
"In order to build protections, you have to understand how a specific file format is meant to be used, so then you can understand how it's being misused," Reavey added.
During the conference, Microsoft also plans to release Project Quant, an online information resource designed to provide organizations with a framework for evaluating the cost of patch management processes. In addition, the company plans to release the Microsoft Security Update Guide, a publication that explains the entire Microsoft update process, and publish a report titled "Building a Safer, More Trusted Internet Through Information Sharing."
So you thought the facial recognition technology built into your laptop would keep your business and personal information safe? Bwa-ha-ha! Today, the Black Hat DC 2009 security conference found out that, as Vietnam-based security researcher Nguyen Minh Duc puts it, "Your Face is NOT Your Password."
Nguyen's paper reveals (PDF link) that it's relatively simple to hack facial recognition systems included in webcam-equipped laptops from Lenovo (Veriface III), ASUS (SmartLogon v1.0.0.0005), and Toshiba (Face Recognition 126.96.36.199). Methods used included using photographs in place of live faces (Facebook, anyone?) and performing brute-force attacks by changing lighting and photo angles in a digitized face until the system permits access.
Are you counting on facial-recognition technology to keep your stuff safe? Is your company? Join us after the jump for your chance to sound off on this latest "unbreakable," but now broken, access-control technology.