Last October I blogged about EMET–Protection Against Zero-Days – a really great tool to protect your environment.
We just released a new version, which can be downloaded here: Enhanced Mitigation Experience Toolkit v3.0.
Before you test it, make sure you have your Bitlocker recovery key ready (or – before the next reboot, suspend Bitlocker . . . → Read More: New EMET Version
I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To . . . → Read More: Keep all your software updated and current
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along . . . → Read More: 10 Years of Trustworthy Computing at Microsoft
Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation . . . → Read More: A Security Comparison: Microsoft Office vs. Oracle Openoffice
Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches:
Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for . . . → Read More: Six “New” Attack Vectors
Usually I blog intensively on the release of the Security Intelligence Report. However, this time I am out of office and have just little time to give you insight. We spent a lot of work to make it more comprehensive and give you a more stable view over quite some time. So there is a . . . → Read More: Security Intelligence Report v9 is online
What is your view?: Stuxnet: Future of warfare? Or just lax security?
We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk.
Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET . . . → Read More: Advisory for the ASP.NET Vulnerability
I think I told the story thousands of time and everybody knows it but I will do it the 1001st time now . When I joined Microsoft and became what is the Chief Security Advisor for Switzerland today, we had an airlift for Windows Server 2003. The Product Manager in Switzerland asked me to keynote . . . → Read More: The Importance of Application Security