Roger Halbheer on Security
Back at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable†position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically started with the time…
DetailsOne of the things which surprises me often, when talking to customers is, that they do not know, when certain (key) products run out of support – and therefore no security updates will be shipped. You should include the following dates in your plans: Windows XP Home: Mainstream support ended 4/14/2009 Windows XP Professional: Extended…
DetailsYou might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom†of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important as version…
DetailsThis is actually a great speech but very, very, very scary:
and the scariest part is that I never looked at it that way but he is right
Roger
Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately†I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into interesting directions. I…
DetailsQuite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just published a paper about how we use this File Classification…
DetailsWe often talk about consumerization of IT. The advantages are huge – and so are the risks. The key challenge is, that we increasingly started to rely on devices built for consumers to safeguard our company’s – or even worse our country’s – secrets. Consumerization is huge and makes a lot of sense from a…
DetailsThis is not surprising as I guess they are not alone: China’s Blue Army of 30 computer experts could deploy cyber warfare on foreign powers However, what really scares me is, that I expect governments to train more people than they really need – or some of them might be laid off during priority shifts…
DetailsThis is actually a great development to fight Child Porn:
Facebook adopts PhotoDNA and joins Microsoft and The National Center for Missing & Exploited Children to disrupt the proliferation of online child exploitation.
You find the information here.
Roger
Yesterday we released our Security Intelligence Report v10. A few highlights/lowlights from the Key Findings section: Industry vulnerability disclosure trends continue an overall trend of moderate declines since 2006. This trend is likely because of better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities. Vulnerability disclosures…
DetailsInternet Explorer was certified early May with a seal of “trusted softwareâ€, which is great news in my opinion. Here is the English translation of the official press bulletin: Internet Explorer 9 passed the review of TÃœV Trust IT GmbH and carries the official TÃœV seal approval from today on. Within the framework of the…
DetailsA good paper: NSA – Best Practices for Keeping Your Home Network Secure
Roger
To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not to blame them but I was heavily…
DetailsFairly often I am asked whether the Security Guides for our products still exist. The good news is: They do. The bad news is: They are called differently The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool, which I blogged about several times already (e.g. New…
DetailsGreat progress on our Cloud: Our BPOF-Federal solution has received FISMA certification and accreditation: BPOS-Federal & FISMA
Yes, we really have it for BPOS-F 
Roger
You might know the problem if you are working in consulting: You have to fill out the report, form whom you spent your time. And then you forgot to fill in the tool and all of a sudden you have a hard time figuring out where you have been. There is a revolution: iPhone solves…
DetailsActually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation…
DetailsThis paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed Forces Law Enforcement Judges…
DetailsAn interesting article by ISACA: Six predictions for CIOs. Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT operations become service-centric and business value-focused, rather than process-driven and reactive. Prediction 4: Risk management…
Details