Roger Halbheer on Security
The Dutch TV broadcaster VPRO made a great video (about 50 minutes) about zero-days and security leaks for sales.
It raises really good social questions about the role of governments and citizens. Really worth looking at.
Roger
Yes, it is true: There is somebody who publically put known PINs on the Internet. I bet yours is there too: http://www.positiveatheism.org/crt/pin.htm
Roger
In certain areas, getting security right can seem to be very easy. But, hmm, let’s look at this: Poorly anonymized logs reveal NYC cab drivers’ detailed whereabouts. They used MD5 to anonymize the license plate numbers of the taxi drivers – and they did not use any salt. So, it is fairly easy to run…
DetailsWell, I know DOS, I know DDOS, but I never knew PDOS until today: there seems to be a new way to attack systems using the firmware update mechanism and generating a Permanent Denial of Service (actually damaging the hardware)…. I was involved in a Ciritical Infrastrucutre Protection workshop about 2 years ago and one…
DetailsYou might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should consult our Security Research & Defense Blog, where we posted MS09-008: DNS and WINS Server…
DetailsYes, you are still on the right blog. Things change and one of these is my blog design (the rest I will communicate in due time).
Roger
I got some questions on my blog post that you should not by a Wii at the moment. The key question was about whether this is just a teaser. Well, look at the demos they did at E3. You find them here:
Roger
I am a fan of simple and easy to read policies. I do not think that policies consisting of several thousand documents to any good nor will they be followed.
In this context I found a noteworthy blog post: 5 Tips on Writing Security Policies
Roger
Before I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of…
DetailsI know I have been very, very quiet over the last two weeks. The reason was, that the worldwide Chief Security Advisor met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain products.
DetailsUnfortunately, we do not see too many women in security – even though there are huge opportunities irrespective of the gender. Over the years, I had the pleasure to work with great women in this business. We will run an event on Thursday, April 28, 2016 at 6.30pm at the Accenture Office in Zurich with…
DetailsTo be clear upfront: After support for Windows XP will end, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations, what is going to happen, once we stop support of Windows XP. The key problem is, that we do…
DetailsFresh out of press (ok, it is out since beginning of April but I just saw it now): Brian Komar, the well-known author of several PKI books on Windows Server just released a new book called Windows Server 2008 PKI and Certificate Security. If you are planning a Windows Server 2008 PKI, this is a…
DetailsThat’s new: We have Windows Server 2008 Hyper-V Common Criteria EAL 4+ certified. The new thing is that we certified it in Germany by the BSI (Bundesamt für Sicherheit in der Informationstechnik). You can find the report here: https://www.bsi.bund.de/cae/servlet/contentblob/612768/publicationFile/35487/0570a_pdf.pdf
Roger
A result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack: For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found…
DetailsIn one of my latest blogs Security in 2013 – the way forward? I mentioned that I have two slides showing the evolution of Windows in the light of the evolving threat landscape and the evolution of the Internet. I got some requests for this deck. Therefore I posted it on my Downloads page. You…
DetailsYou might have heard that we will ship an update for Windows Phone 7 soon. Yes, with some new functionality, I am waiting for as well. In the next few days we update the update mechanism to make the delivery for the next version smoother. The interesting piece is, however, the update history we publish.…
DetailsI just got a mail that my Windows Phone 7 is ready for pick-up. Unfortunately I am in Redmond at the moment and my Windows Phone 7 is in Switzerland. The poor device will have to wait for me for another week (or is it the other way around – poor Roger has to wait…
DetailsI am using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog.
It rocks: Windows Live Essentials 2011 available for download now
Download and install!
Roger
One of the things which surprises me often, when talking to customers is, that they do not know, when certain (key) products run out of support – and therefore no security updates will be shipped. You should include the following dates in your plans: Windows XP Home: Mainstream support ended 4/14/2009 Windows XP Professional: Extended…
Details
