|
||||||
Will the user define security policies in the future?I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the user will buy their own and use it for business. Additionally, different people have different ... 
Get off XP or Risk your Business?One of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy it – this situation then led to Conficker. About 12 months from today, Windows XP will ... 
Security in 2013 – the way forward?Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into the context of typical hygiene of any IT environment. Let's try to understand, where we stand ... 
The Directory in the Cloud?It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was, that if you look at the Cloud, there are five areas of Considerations: Compliance and Risk Management: Organizations shifting ... 
What a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…). And now, I read such statement: Microsoft products no longer feature among the Top . . . → Read More: Kaspersky Lab: Microsoft software products pretty darn secure End of July we issued the fourth MSRC progress report showing not only the work we did on the Security Updates but with all the different programs with run out of MSRC as well. I guess this could be interesting for you as well: Microsoft Security Response Center (MSRC) Progress Report Roger Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length. I would like to take the opportunity to give some more information on it. The reaction on the advisory is interesting so far. Some customers expect mainly older applications to run into a problem. Others tell us that they mandated . . . → Read More: UPDATE: Security Advisory – Update For Minimum Certificate Key Length As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) – Update For Minimum Certificate Key Length to make you aware of the fact that we will restrict usage of all certificates with RSA keys . . . → Read More: Security Advisory – Update For Minimum Certificate Key Length One of the most prevalent threats we are currently seeing in a lot of countries is SypEye. The Microsoft Malware Protection Center just published a report providing an overview of the malware: This Microsoft Malware Protection Center (MMPC) Threat Report provides an overview of the Win32/EyeStye (a.k.a. SpyEye) family of malware. The report examines . . . → Read More: Background Information on SpyEye I guess, I do not have to comment this – right? What Microsoft can teach Apple about security response To quote the summary: Microsoft just released seven security updates to fix 23 vulnerabilities in Windows and other products. In February, Apple released a massive update that covered 51 vulnerabilities and also introduced an embarrassing . . . → Read More: What Microsoft can teach Apple about security response I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To . . . → Read More: Keep all your software updated and current CORRECTION:So far there is “only” Proof of Concept code in the wild, no real exploit. In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution. Relatively soon after the release, there was a public exploit code available – we informed here: Proof-of-Concept Code available for . . . → Read More: Security Updates and Exploit Code The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going . . . → Read More: EMET–Protection Against Zero-Days I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun Just a quick one: The MMPC on Facebook and Twitter The Microsoft Malware Protection Center (MMPC) officially launched its Facebook page . . . → Read More: Microsoft Malware Protection Center on Facebook and Twitter |
|
|||||
|
Copyright © 2013 Roger Halbheer on Security - All Rights Reserved Powered by WordPress & Atahualpa |
||||||
