Legal Risks of the Cloud
I just stumbled across an interesting blog post named Legal Implications of Cloud Computing. I am not a lawyer and therefore unable to judge the details but overall it gives a good view of the risks and challenges.
Roger
Why Windows 7 XP Mode makes sense from a security perspective
I have to admit: When I first learned about Windows 7 XP Mode I was quite surprised. How can we actually ship an XP Virtual Machine with Windows 7? Well, then I started to think (no, it did not hurt too much )… But before I share my findings with you, let me tell you…
Windows Server 2008 Hyper-V Role EAL 4+ certified by BSI
That’s new: We have Windows Server 2008 Hyper-V Common Criteria EAL 4+ certified. The new thing is that we certified it in Germany by the BSI (Bundesamt für Sicherheit in der Informationstechnik). You can find the report here: https://www.bsi.bund.de/cae/servlet/contentblob/612768/publicationFile/35487/0570a_pdf.pdf
Roger
Onion News: The Future of Privacy – the Google Opt-Out Village
Not really serious – just fun (or isn’t it??):
Roger
The Microsoft Security Update Guide
I know that these news are not new but I was away when we announced it and to me it is important enough to take it up afterwards. Over the last few months we worked on a document explaining everything which is going on around an Update Tuesday. So, what is an Advanced Notification, what…
Blaster's Birthday
I guess you remember the day back in 2003: I was actually on vacation when I was called in back to the Microsoft offices as we had some strange things going on… It was the day of the Blaster breakout. The first time I personally had to deal with a very severe incident here at…
Monitoring – a Key Activity to a Trustworthy Infrastructure?
As you might have read, I recently blogged about my infrastructure and the future of a platform towards a better management of compliance. I wrote about Deploying PKI Time Sync on Virtual DCs Patch Management, a key step towards compliance! Especially the Time Sync post was more about a technical challenge rather than a high-level…
Vacation differently: Find new interesting places using Geocaching
This has absolutely nothing to do with security but is a lot of fun: A few years ago, I read an article about Geocaching. Basically, this is a treasure hunt using GPS. Wikipedia describes it like that: Geocaching is similar to the 150-year-old game letterboxing, which uses clues and references to landmarks embedded in stories.…
Windows 7 E – the new Microsoft Proposal to European Commission
I saw a lot of chatter on blogs and Twitter about Windows 7 E (the European edition without Internet Explorer). On July 24th, we published a new proposal on that. Read our statement yourself: Microsoft Proposal to European Commission
Roger
A few comments to yesterday's Out of Band
It is pretty typical – these things often happen, when I have a really bad Internet connection ;-). However, I am back home and the connection is kind of better now… I guess you have seen and heard about the two out of band updates we shipped yesterday. They are kind of special and I…
Kaspersky's View of a Secure Internet – Does this make sense? I think not
A few months ago, I already had some discussions with Eugene Kaspersky during an event of the Council of Europe on Cybercrime, how to address cybercrime on the Internet. At the moment, I am at a very, very slot connection and just got, what I saw on my RSS feed enclosure and could not verify…
SANS: Recent attacks and a false sense of security
Well, as I am not really working, just a quick one: http://isc.sans.org/diary.html?storyid=6787&rss
Roger
Join the Windows 7 and Internet Explorer 8 Security Baselines Beta
The day before yesterday we opened the Windows 7 and Internet Explorer 8 Security Baselines Beta and would look forward to getting your feedback and comment. So, sign up for it if you are interested: Sign-Up Now for the New Windows 7 and Internet Explorer 8 Security Baselines Beta Opening July 13th!
Roger
Manage Network Access Protection at Microsoft
As you know, I am a big fan of the concepts behind Network Access Protection as it allows to dynamically define zones on you network. We just published a whitepaper called Manage Network Access Protection at Microsoft: Network Access Protection (NAP) is a powerful new Windows Server 2008 feature that can help protect networks from…
Office 2010: The Movie
Just some fun before I leave for vacation: http://www.youtube.com/watch?v=VUawhjxLS2I
BTW: Office 2010 really rocks – I am running the Technical Preview since quite a while now…
Have a good summer
Roger
Physical Security: ATMs equipped with Pepper Spray
This is “real†hard-core security. If the ATM feels that it is tempered with, it releases pepper spray. It is kind of a “self-defense†mechanism. I just hope it never thinks that I am tempering with the machine when I just want to get money…
Roger
Paper on Information Warfare
I often see a lot of discussions on Information Warfare. Today I just stumbled across a paper published by RAND called Strategic Information Warfare – A New Face of War – from my first impression definitely worth reading
Roger
Distributed Denial of Service – and how it works
I often get asked about Distributed Denial of Service (DDoS) attacks, how it works and what role we can play to prevent them. So, let me start with the first part of it: Our Security Intelligence Report version 5 talked about the underground economy and actually explained what is happening before a DDoS takes place.…
Bitlocker To Go – Cool Stuff
I guess you know my view to protection of USB-ports. I get often asked how you can protect your user’s from using USB-sticks. There are ways – especially in Vista – but don’t do it. Your users most probably have a good business reason, why they would want to use USB-sticks and by not letting…
File Classification Infrastructure: More content
At the Analyst Event last week I was asked more than once about the File Classification Infrastructure. As it was something I never looked into the details, I started from the blog post I wrote mid May File Classification Infrastructure in Windows Server 2008 R2 and just wanted to collect some information about it. If…