Silver Bullet 49: Ivan Arce + informIT on Virtual PC vulnerability

[gem at cigital.com (Gary McGraw)]

hi sc-l,

Ivan Arce is the CTO and co-founder of Core.  He's a very knowledgeable guy and well-respected among the breakers of 
stuff, especially when it comes to low-level attacks against BIOS, kernels, and VMs.  Ivan is Silver Bullet podcast 
victim 49:

http://www.cigital.com/silverbullet/show-049/

We discuss the attacker's perspective, geek life in Argentina, embedded systems attacks, and an important vulnerability 
in Virtual PC that Core is having a very hard time convincing Microsoft to fix. On that last point, Ivan and I wrote 
this month's informIT column about the as yet unfixed the Virtual PC problem:

Assume Nothing: Is Microsoft Forgetting a Crucial Security Message?
http://www.informit.com/articles/article.aspx?p=1588145

It seems Microsoft is overlooking one of the most important lessons from Exploiting Software...assume nothing.

As always, your feedback on Silver Bullet and the informIT series is welcome.

gem

company www.cigital.com
blog www.cigital.com/justiceleague
book www.swsec.com