Sandboxing is now available for Windows Defender (opt-in for now)! Tons of credit to the Microsoft Security Intelligence team for their work on this (it wasn't easy), and thanks to Tavis Ormandy, Natalie Silvanovich, and other researchers who have helped make Defender even more secure cloudblogs.microsoft.com/microsoftsecur…

This is great work, but I have to point out that this is not the “first complete AV solution” to have this capability. @crowdstrike does all of its AV capabilities inside of a heavily sandboxed app container with numerous OS mitigations, PPL, Chrome-style token, and more.

Real World Crypto 2019 program is now available... rwc.iacr.org/2019/program.h…

Ian Levy of GCHQ has released an essay on how law enforcement should get access to end-to-end encrypted communications. Here is the critical bit to pay attention to. They're proposing to exploit the fact that users don't verify each other's public keys, and inject bad keys.

Posted without comment ( eprint.iacr.org/2018/1209.pdf ).

Ever wanted to take a look at the crypto code that ships in Windows? SymCrypt is now open source: github.com/Microsoft/SymC…

Congratulations to Microsoft Research's Josh Benaloh on today's announcement of #ElectionGuard at #MSBuild. Josh pioneered the use of homomorphic encryption to enable end-to-end verifiable election technologies. Learn more about ElectionGuard here: blogs.microsoft.com/on-the-issues/…

Wow! What a great speaker lineup for the Connect 2019 NowSecure DevSecOps event. Authors of and contributors to OSS security including Frida radare Capstone Engine mrmacete _leon_jacobs(💥) Giovanni Rocca Eduardo Novella Nikias Bassen Ryan Speers and more! info.nowsecure.com/Connect-19.html

Less than 3 weeks to #suri2019. Besides awesome talks on security, privacy, and crypto, there will be also a BBQ for everyone on Thursday, June 13 (nice view on Lake Geneva and the French Alps included). Attendance is free, don't miss out!

Get ready for iOS 13 support, iOS GPU support, Multi GPU support and Containers!! Just some of the features in the next release.

Statement from Bombardier: While Bombardier doesn't generally comment publicly on rumors, "in light of recent media reports, Bombardier believes it is prudent to advise stakeholders that it is in discussions with Mitsubishi Heavy Industries, Ltd. with respect to its CRJ Program"

The biggest winner in the announcement is clearly Microsoft's Microsoft Azure. Oracle has struggled to keep up with its cloud offerings and is hoping that by partnering with Azure it will reduce a segment of customers from fleeing its database and applications.

If 1024 fair coins are each tossed 10 times, chances are good (> 63%) that at least one will come up heads 10 times in a row; and that coin will be proud to explain how its skill, faith, guts & determination made its achievement possible, and how that combo can work for you too.

Do you enjoy AppSec? Want to help keep communication tool used by millions secure? We are hiring a security engineer in Prague to work on Microsoft Teams, so get in touch! careers.microsoft.com/us/en/job/8781…

Don't tell anyone I told you, but anyone can now download the WARP client for #MacOS and #Windows for free: https://1.1.1.1/beta/ (or one.one.one.one/beta/ since @Twitter discriminates against IP-root URLs). PS - in exchange for this secret info, please send bug reports!

Come work with a great team and on an amazing product!

We’re introducing bug bounty program for Microsoft Teams: send us your bugs, get paid up to $30K. Wouldn’t be possible without great folks at MSRC, so thank you for making this happen.

This is very cool research: extracting UID keys from (old) iPhones via side-channel (EM) analysis: eprint.iacr.org/2021/460.pdf

Absolutely thrilled to have our mobile clients in scope. Looking forward to seeing great submissions!

We're looking for an application security person to join Microsoft Teams. Want to work on a product used by millions? Well versed in application security for both web and native code? Can make sense of large, unfamiliar codebases? Apply here: careers.microsoft.com/us/en/job/1239…