I guess, I do not have to comment this – right?
What Microsoft can teach Apple about security response
To quote the summary:
Microsoft just released seven security updates to fix 23 vulnerabilities in Windows and other products. In February, Apple released a massive update that covered 51 vulnerabilities and also introduced an embarrassing . . . → Read More: What Microsoft can teach Apple about security response
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To . . . → Read More: Keep all your software updated and current
The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies:
Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting …
Looking at these 35 strategies, the DSD claims that
While no single strategy can . . . → Read More: Implementing the Top 4 Defense Strategies
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.
. . . → Read More: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes:
Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand how quickly you need to apply . . . → Read More: Microsoft Security Update Guide, Second Edition
As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications . . . → Read More: Attacks on Application Level
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of Second Tuesdays: Challenges in Software . . . → Read More: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
We all know that Windows XP is rock-solid but not capable anymore to defend against today’s attacks and the same is true for IE6. Having been great products, when they were launched, the threat landscape changed significantly since then.
Windows 7 has a great potential to help customers now move away from Windows XP and . . . → Read More: Move to latest versions – for security reasons
What is your view?: Stuxnet: Future of warfare? Or just lax security?
As soon as zero-days appear on the Internet, two things happen: Somebody publishes an exploit and somebody else an unoffical patch. How trustworthy are such updates? How should you handle them? It is all about risk management! . . . → Read More: The Risks of Unofficial Patches