Roger Halbheer on Security
On Friday arstechnica published a longer story on Meet “badBIOS,” the mysterious Mac and PC malware that jumps airgaps. The author talks about a virus/rootkit discovered by Dragos Ruiu, (organizer of CanSecWest and PacSec). The plot looks like a bad Hollywood movie. He describes strange behavior of machines that are completely new, setup from scratch,…
DetailsThis morning I started to read the classical security sources again and found this article: LinkedIn ‘Intro’duces Insecurity. I started to read without too much interest until I reached this point: Intro reconfigures your iOS device (e.g. iPhone, iPad) so that all of your emails go through LinkedIn’s servers. You read that right. Once you…
DetailsIt is not that there were no themes to blog about. It was much more that I had the great opportunity to take a few weeks off between my work at Microsoft and the start at Swisscom – and there was not too much room for work during that time. I really had time off…
DetailsI guess you have seen this in the meantime: Chaos Computer Club claims to have “cracked” the iPhone 5s fingerprint sensor. It has been all over the press especially because it happened within a 48 hours window of the launch. I think that there are two things to consider, when you look at all the…
DetailsThe ones who regularly read my blog know, that I am absolutely convinced that we need to change in the security industry in certain ways: We need not only to position security as a business enabler but we need to live this. The point I made numerous times was that IT is here to help…
DetailsI often get asked by customers how I see the cloud in today’s environment. Honestly, I do not see it differently than I did an year ago. If I look at security in general, I see three challenges, which shape my mind: Most investments go towards protecting the infrastructure, whereas most attacks are successful on…
DetailsYes, you are still on the right blog. Things change and one of these is my blog design (the rest I will communicate in due time).
Roger
I do not want to comment this but it is a fairly interesting article on Snowden’s Revelations, the consequences and the legal frameworks. Definitely worth spending the time: Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations Roger Related articles FAQ: 5 Things Known and Alleged About NSA surveillance (sallyannfredericktudor.wordpress.com) Snowden: UK Government…
DetailsI guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the “supporter” is in English (the rest in Norwegian) and is…
DetailsTo be clear upfront: After support for Windows XP will end, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations, what is going to happen, once we stop support of Windows XP. The key problem is, that we do…
DetailsThis morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility. This is the abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the…
DetailsTrustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend.
I would definitely urge you to listen to them and make sure you implement the countermeasures: Targeted Attacks Video Series
Roger
I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data. Let’s briefly look at the findings first: 38% of U.S. office workers admit to storing work documents on personal cloud tools and services […] almost a fifth (16 percent) of people use Dropbox to store work…
DetailsDoing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first J) is to know your assets and have your data classified so that you understand, which…
DetailsWhen I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning an identity and want to make sure that…
DetailsOften, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system on Common Criteria EAL 4+ – the highest level, which seems achievable for multi-purpose…
DetailsI think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define a set of hardware anymore but that the…
DetailsWell, some tablets could be but what about the productivity apps?
Roger
I just read a post on slashdot: During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn’t because she couldn’t afford the $10,000 fee involved with the specialty medical software that has been upgraded…
DetailsWe could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which is similar to an RSA SecureID. How…
Details