Roger Halbheer on Security
When I was talking to governments about Flame a few weeks ago, they typically told me that they do not see a lot but that they are heavily concerned about SpyEye and other banking trojans. It is now reflected in this article:
New bank theft software hits three continents
Roger
In the meantime I guess that most of us agreed that Consumerization of IT or Bring Your Own Device or how ever you want to call this will become a reality – probably rather sooner than later. In the meantime our team in France published a few papers/guides, which are definitely worth looking at: I…
DetailsYesterday we all had a very long day: We hosted the EU Cybersecurity and Digital Crimes Forum in Brussels. At lot of government elites from all across Europe attended and were part of very intense discussions. It was obvious that people really are serious about cyber-whatever and that actions are being taken. I think that…
DetailsWhat about using Bitlocker???? Laptop lost with data for more than 2,000 patients, Boston Children’s reports
One such incident probably pays your Windows 7 migration project – no?
Roger
Last October I blogged about EMET–Protection Against Zero-Days – a really great tool to protect your environment. We just released a new version, which can be downloaded here: Enhanced Mitigation Experience Toolkit v3.0. Before you test it, make sure you have your Bitlocker recovery key ready (or – before the next reboot, suspend Bitlocker and…
DetailsI guess, I do not have to comment this – right? What Microsoft can teach Apple about security response To quote the summary: Microsoft just released seven security updates to fix 23 vulnerabilities in Windows and other products. In February, Apple released a massive update that covered 51 vulnerabilities and also introduced an embarrassing security…
DetailsA few days ago, Windows Defender Offline was released. This is basically the tool to use, if you are unable to remove malware from a running PC. To quote the website: Sometimes, malicious and other potentially unwanted software, including rootkits, try to install themselves on your PC. This can happen when you connect to the…
DetailsBring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that…
DetailsWhen people look at attackers, they always think that they are extremely smart people. There are really smart people building the kits but the ones applying it? Well, you just need the right guidance:
Hacker’s Tiny Spy Computer Cracks Corporate Networks, Fits In An Altoid Tin
Fairly easy, isn’t it?
Roger
I am following Shoaib’s blog since quite a while – actually due to the beauty of the Internet, we only met virtually so far . He just posted on his blog: 5 Common Types of Security Professionals I really like this post. The way he categorizes them is: The NO-MASTER The By-The-Book Preacher The Dinosaur…
DetailsThis was an interesting article on cio.com: Apple, Oracle, Google Lead Major Vendors with Software Vulnerabilities in Q1, Security Report Says – by TrendMicro. Now, these stats are always a bit a challenge: They make a really good headline but if the statistics does not include the severity of the vulnerabilities, it is hard to…
DetailsThis has nothing to do with security nor with technology – but it is worth (in my opinion) 20 minutes of your time! Recently a friend of mine told me to read Good to Great: Why Some Companies Make the Leap…And Others Don’t by Jim Collins. Well, I said kind of “yeah, yeah†but downloaded…
DetailsI know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To…
DetailsOne of the challenges customers always have is, how to select the right cloud partner and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and in addition a Consensus Assessments Initiative Questionnaire and a lot of request for information/proposal are based on this material.…
DetailsYears ago information security or cybersecurity was in the hands of specialists, which set the rules and the users had to follow – in theory. Whether the users really followed the rules, policies and recommendations is a different story but it worked that way. I rarely remember a CIO/CFO or CEO really being interested in…
DetailsCORRECTION:So far there is “only” Proof of Concept code in the wild, no real exploit. In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution. Relatively soon after the release, there was a public exploit code available – we informed here: Proof-of-Concept Code available for…
DetailsSorry, I did not blog for quite a while. When looking at the Cloud, one of the key challenges to address – in my opinion – is how to manage the identity of the different users. If you have to add an additional identity to all the logons you already have, the Cloud will just…
DetailsI mean, I obviously like this article: Internet Explorer aces security test as Google faces accusations as it has a nice quote to start with: Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS Labs: Microsoft’s browser trounced rivals Chrome,…
DetailsJust got the date confirmed: The Windows 8 Consumer Preview will be available on February 29th. I am looking forward to this next exciting step toward the final version!! Stay tuned!
Did I already tell you that you shall move off Windows XP to Windows 7 for security reasons?
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two…
Details