Roger Halbheer on Security
As you might know, solving CAPTHCAs is not really a difficult task for the underground economy. Initially, they wrote code to do it – but then learned that it is easier to outsource the puzzle solving to cheap labor. For a few dollars you can have a CAPTCHA farm solving 1000 CAPTCHAs for you. Fairly…
DetailsI came across this article this morning: 5 Ways Event Log Management Makes You More Secure. The claim there is, that adding 5 additional tasks will make you more secure: Centralized logging makes it possible to review all the logs SIEM is French for “locked down” Event correlation helps you find bad things Search and…
DetailsIn one of my latest blogs Security in 2013 – the way forward? I mentioned that I have two slides showing the evolution of Windows in the light of the evolving threat landscape and the evolution of the Internet. I got some requests for this deck. Therefore I posted it on my Downloads page. You…
DetailsThis morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven espionage not only targets state’s secrets but industrial espionage…
DetailsI just needed to post this: There is a new blog on our Surface: I am really, really, really looking forward to getting the Surface Pro here in Switzerland J Related articles Surface Windows 8 Pro arrives 9 February Microsoft finally launches official Surface blog Embargoes lifted, reviews of the Surface Pro are in Microsoft…
DetailsMost companies have a lot of security policies to protect their assets and then there is the best of breed security technology added for each technical problem to solve. That way we can ensure that we did everything we could to protect the business – right? Well I do not completely think. I read this…
DetailsDepending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that they should patch but too often do not…
DetailsToday is the day we launched Office 365 officially to the broad market. This is a real cool step forward you should look at: Go to http://office.microsoft.com and give it a try. For only $8/year you get the ability to have it on up to 5 PCs or Macs (well, I guess you choose PCs…
DetailsTypically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune tellerJ. But there are things we know and things we definitely need to drive this year. I would actually put it into…
DetailsI was just made aware of a case study, which is a really interesting “attack” on a US company via VPN. It is sometimes not like it seems… You should read this: Case Study: Pro-active Log Review Might Be A Good Idea At least a way to get some air-cover if you look at the…
DetailsIt seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still applies. What we basically said was, that if you…
DetailsA lot of customers are asking us about Direct Access and how you can implement it. Erez Ben Ari (a Senior Support Escalation Engineer at Microsoft) and Bala Natarajan (a Program Manager in our Windows division) wrote a book on that called Windows Server 2012 Unified Remote Access Planning and Deployment. This is the abstract:…
DetailsIn the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publishing a paper, which explains Pass the Hash but much more important shows some fairly simple to implement mitigations against this type of attack. As they…
DetailsWhat a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…). And now, I read such statement: Microsoft products no longer feature among the Top…
DetailsThis is a very interesting experiment – and actually very, very frightening:
Roger
Trustworthy Computing just released two papers on current issues: Determined Adversaries and Targeted Attacks Whitepaper This paper shares Microsoft’s insights into the threat that Determined Adversaries and Targeted Attacks pose, identifies challenges for organizations seeking to combat this threat category and provides a context for other papers that will directly address each of those. http://www.microsoft.com/en-us/download/details.aspx?id=34793…
DetailsExactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic space opera. Terry Greer-King of Check Point shows how companies can avoid the Empire’s mistakes…
DetailsOur friends in France are currently working intensively on Test Lab Guides for Consumerization of IT. The next one was just released: New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer” This is the overview: Thinking about Consumerization of IT (CoIT) necessarily leads to some security and management…
DetailsAs you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management. Here is the summary: Due to increased regulation, the Consumerization of IT (CoIT) and the “Bring Your Own Device” (BYOD), the explosion of…
Details
