Mitigating Pass the Hash Attacks

In the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publishing a paper, which explains Pass the Hash but much more important shows some fairly simple to implement mitigations against this type of attack. As they…

Details

Two Papers on Current Issues

Trustworthy Computing just released two papers on current issues: Determined Adversaries and Targeted Attacks Whitepaper This paper shares Microsoft’s insights into the threat that Determined Adversaries and Targeted Attacks pose, identifies challenges for organizations seeking to combat this threat category and provides a context for other papers that will directly address each of those. http://www.microsoft.com/en-us/download/details.aspx?id=34793…

Details

Security Lessons from Star Wars

Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic space opera. Terry Greer-King of Check Point shows how companies can avoid the Empire’s mistakes…

Details

New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer”

Our friends in France are currently working intensively on Test Lab Guides for Consumerization of IT. The next one was just released: New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer” This is the overview: Thinking about Consumerization of IT (CoIT) necessarily leads to some security and management…

Details

Paper: Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management

As you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management. Here is the summary: Due to increased regulation, the Consumerization of IT (CoIT) and the “Bring Your Own Device” (BYOD), the explosion of…

Details

UPDATE: Security Advisory – Update For Minimum Certificate Key Length

Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length. I would like to take the opportunity to give some more information on it. The reaction on the advisory is interesting so far. Some customers expect mainly older applications to run into a problem. Others tell us that they mandated 2k…

Details

Security Advisory – Update For Minimum Certificate Key Length

As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) – Update For Minimum Certificate Key Length to make you aware of the fact that we will restrict usage of all certificates with RSA keys…

Details