Roger Halbheer on Security
This was an interesting article on cio.com: Apple, Oracle, Google Lead Major Vendors with Software Vulnerabilities in Q1, Security Report Says – by TrendMicro. Now, these stats are always a bit a challenge: They make a really good headline but if the statistics does not include the severity of the vulnerabilities, it is hard to…
DetailsThis has nothing to do with security nor with technology – but it is worth (in my opinion) 20 minutes of your time! Recently a friend of mine told me to read Good to Great: Why Some Companies Make the Leap…And Others Don’t by Jim Collins. Well, I said kind of “yeah, yeah†but downloaded…
DetailsI know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To…
DetailsOne of the challenges customers always have is, how to select the right cloud partner and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and in addition a Consensus Assessments Initiative Questionnaire and a lot of request for information/proposal are based on this material.…
DetailsYears ago information security or cybersecurity was in the hands of specialists, which set the rules and the users had to follow – in theory. Whether the users really followed the rules, policies and recommendations is a different story but it worked that way. I rarely remember a CIO/CFO or CEO really being interested in…
DetailsCORRECTION:So far there is “only” Proof of Concept code in the wild, no real exploit. In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution. Relatively soon after the release, there was a public exploit code available – we informed here: Proof-of-Concept Code available for…
DetailsSorry, I did not blog for quite a while. When looking at the Cloud, one of the key challenges to address – in my opinion – is how to manage the identity of the different users. If you have to add an additional identity to all the logons you already have, the Cloud will just…
DetailsI mean, I obviously like this article: Internet Explorer aces security test as Google faces accusations as it has a nice quote to start with: Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS Labs: Microsoft’s browser trounced rivals Chrome,…
DetailsJust got the date confirmed: The Windows 8 Consumer Preview will be available on February 29th. I am looking forward to this next exciting step toward the final version!! Stay tuned!
Did I already tell you that you shall move off Windows XP to Windows 7 for security reasons?
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two…
DetailsI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled…
DetailsA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards.…
DetailsThe Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies, the DSD claims that While no single strategy can…
Detailsl am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there allowing a wide adoption of…
Detailslt is time again! The Council of Europe Octopus Conference on Cooperation against Cybercrime is taking place this week. This year it is even the 10th anniversary of the Budapest Convention. Therefore a broad country of legal, law enforcement and private sector organizations are discussing the current state and the future of the collaboration to…
DetailsI have to admit – it is not my title but it caught my attention. Over the course of the last few years, the term “Cyberwar†came up all over the place. I was recently reading a book on it, where there was a chapter called “Definition of Cyberwar†and I thought that finally somebody…
DetailsA few years back a customer’s CSO left the room when I said that this customer should start thinking about a scenario, where selected users bring their own devices – he called me “nutsâ€. Well, I think the smartphone area proofed me right. Basically the smartphones were the first Bring Your Own Device (BYOD) as…
DetailsAs I said in one of my recent posts Comparing Windows Phone 7 and iPhone, there are very few apps I am (and now was) missing on my Windows Phone 7 compared to what I know of the iPhone Apps. Actually the one which I was really missing was something like Peaks on the iPhone…
DetailsI tried to convince my wife that using the Windows Phone 7 to keep track of the shopping to do is a cool idea. Well, she is not there (yet). And now I saw the latest commercial…
Probably I should convince my kids, not my wife 
Roger
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what…
Details