A very good video from Sophos on DNSChanger:
Well, yes we need Cybersecurity Legislation without doubt but sometimes the legislator goes too far in my opinion. I read this article this morning: Use Google Street View Maps & Serve More Time. I quote: The state legislature in the U.S. state of Louisiana has passed a law adding extra time for committing a crime…Details
I was just reading an article called Does Facebook even need a CSO? – initially my reaction was (as most of yours I guess): “What a stupid question, for sure we need a CSO”. However, is this true? Do we really need a CSO? Are there other models which would work as well? What is…Details
As you might know, I am deeply convinced that better threat intelligence allows us to take better security decisions – and I am not the only one making this statement. I am trying to get my head around threat intelligence since a while now and realized that depending on with whom I talk, they have…Details
Well, the question is not too provocative. The longer I look into the risk, the more I am asking this question. Now, we have to separate the different company sizes. I guess for a small and medium business â€“ with the correct safety measures â€“ it makes a lot of sense and you could safe…Details
Trust in your cloud provider is key, when you move more data there than data classified as public. Then come all the solutions encrypting your data, which keeps it safe but at the end of the data loses search. A real problem I have not seen a solution. Additionally we run into the problem protecting…Details
Artificial Intelligence and Machine Learning hold a lot of promises in security. They will help us address the problems around false positives and detecting anomalies. There is a lot of hope and a lot of promises by the vendors in that space. Microsoft invests in this technology as well and I would say we are…Details
Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the â€œcomfortableâ€ position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically started with the time…Details
Even though it might be obvious, compliance is not only about protecting data but identities as well â€“ and more. Jon Collins, Freeform Dynamics, whom I value high, wrote a good article: Doing the right thing on ID management isn’t enough… â€“ you should read it!
We started a program called â€œBrowser for the Betterâ€ where we donate 8 meals to Feeding America per download of Internet Explorer 8 (until August 8th).
So, go out and download Internet Explorer 8 from the site above
This is a very tough legislation: France just agreed on a new Internet Piracy Bill. If you violate piracy laws three times, you will be banned from the Internet up to an year:
Are networks air gapped, really? Do you build critical systems on commercial products? Often critical systems are built on commercial products and air gapped networks are almost air gapped – except for the few bridges that were built for convenience reasons… Look at recent news: These classified networks are definitely not connected to the Internet,…Details
It is obvious: Less admin privileges reduces the risk of successful attacks. This is not really news, isn’t it? That this reduces the attack surface dramatically, well, not new either: Time to drop unnecessary admin privileges What I am really wondering: We are all talking about Bring Your Own Device scenarios, where it is to…Details
I am convinced that there are workloads that can and should be moved to the Cloud: For security reasons as well as for economical reasons. E-Mail might well be the first one of them.
There is a good post on that: Editor’s Note: Email, the Lowest-Hanging Fruit of the Cloud
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter. To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA…Details
It is not new, that identity will become your new perimeter, your next control pane. Still I see a lot of companies struggle with the concept and with the feeling to have the identity in the Cloud. Often, I hear the statement that they “lose control” once the identity is (at least partly) managed in…Details
I am more than pleased to inform you that we announced today a partnership between EMC/RSA and us. This partnership involves the integration of EMC/RSA technology into our platform. I quote from our press release: Microsoft will build the RSAÂ® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.…Details
We are just kicking off the EMEA TwC Analyst Summit, which is running for the next two days. The first time we are using technologies like Twitter live from the event and we encourage the Analysts to do the same. Therefore, you might follow what is going on there on different channels but mainly: The…Details
If you have not seen it, you should probably have a brief look at it. We are seeing a new worm spreading on Exchange. This worm is not exploiting a vulnerability but uses social engineering to spread. Please read our MMPC blog at Emerging Malware Issue: Visal.B or look it up in our malware encyclopedia…Details