Yes, it is still me
Yes, you are still on the right blog. Things change and one of these is my blog design (the rest I will communicate in due time).
Roger
Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations
I do not want to comment this but it is a fairly interesting article on Snowden’s Revelations, the consequences and the legal frameworks. Definitely worth spending the time: Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations Roger Related articles FAQ: 5 Things Known and Alleged About NSA surveillance (sallyannfredericktudor.wordpress.com) Snowden: UK Government…
DetailsCareful, when Microsoft Support is calling
I guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the “supporter” is in English (the rest in Norwegian) and is…
DetailsWindows XP: The world after April 8, 2014
To be clear upfront: After support for Windows XP will end, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations, what is going to happen, once we stop support of Windows XP. The key problem is, that we do…
DetailsUnique in the Crowd – False sense of Privacy
This morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility. This is the abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the…
DetailsTargeted Attacks – a Video Series
Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend.
I would definitely urge you to listen to them and make sure you implement the countermeasures: Targeted Attacks Video Series
Roger
Are we sitting on a time bomb?
I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data. Let’s briefly look at the findings first: 38% of U.S. office workers admit to storing work documents on personal cloud tools and services […] almost a fifth (16 percent) of people use Dropbox to store work…
DetailsThe Moscow Rules in the Cyberspace
Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first J) is to know your assets and have your data classified so that you understand, which…
DetailsEnabling the Hybrid Cloud with Microsoft Technology
When I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning an identity and want to make sure that…
DetailsIs there a future for Product Certifications?
Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…
DetailsWill the user define security policies in the future?
I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the…
DetailsIf you think tablets are the silver bullet – watch out…
Well, some tablets could be but what about the productivity apps?
Roger
Some Windows XP Users Can’t Afford To Upgrade
I just read a post on slashdot: During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn’t because she couldn’t afford the $10,000 fee involved with the specialty medical software that has been upgraded…
DetailsMicrosoft Account: Enable Two-Step Verification
We could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which is similar to an RSA SecureID. How…
DetailsThe Countdown Begins: Support for Windows XP Ends on April 8, 2014
Over the course of the next 12 months, you will definitely hear us turning up the volume on Windows XP end of life. However, I really hope that you started your migration – if you have not already migration until today. Trustworthy Computing just looked at the end of support through the lens of the…
DetailsGet off XP or Risk your Business?
One of the highest hit rates I ever had on my blog was one I wrote right before Conficker broke out. I called it Playing Russian Roulette with your Network. The background was, that we released an out of band security update and our customers came back and asked us, whether they really shall deploy…
DetailsInternet Accessible SCADA Systems
This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own:
Roger
Related articles
- Worldwide Map of Internet Connected SCADA Systems (cyberarms.wordpress.com)
- The SCADA security challenge (net-security.org)
- SCADA’s frighteningly exposed underbelly (blogs.techworld.com)
- Thousands of Finnish SCADA systems vulnerable to attack (asherwolf.net)
The Future of CAPTCHAs?
As you might know, solving CAPTHCAs is not really a difficult task for the underground economy. Initially, they wrote code to do it – but then learned that it is easier to outsource the puzzle solving to cheap labor. For a few dollars you can have a CAPTCHA farm solving 1000 CAPTCHAs for you. Fairly…
DetailsIs Monitoring the Silver Bullet?
I came across this article this morning: 5 Ways Event Log Management Makes You More Secure. The claim there is, that adding 5 additional tasks will make you more secure: Centralized logging makes it possible to review all the logs SIEM is French for “locked down” Event correlation helps you find bad things Search and…
DetailsWindows Security Evolution
In one of my latest blogs Security in 2013 – the way forward? I mentioned that I have two slides showing the evolution of Windows in the light of the evolving threat landscape and the evolution of the Internet. I got some requests for this deck. Therefore I posted it on my Downloads page. You…
Details