BPOS-Federal got FISMA Certification
Great progress on our Cloud: Our BPOF-Federal solution has received FISMA certification and accreditation: BPOS-Federal & FISMA
Yes, we really have it for BPOS-F 
Roger
iPhone saves you the trouble of reporting your working time
You might know the problem if you are working in consulting: You have to fill out the report, form whom you spent your time. And then you forgot to fill in the tool and all of a sudden you have a hard time figuring out where you have been. There is a revolution: iPhone solves…
DetailsA Security Comparison: Microsoft Office vs. Oracle Openoffice
Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation…
DetailsCyber Security: The Road Ahead
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed Forces Law Enforcement Judges…
DetailsSix predictions for CIOs
An interesting article by ISACA: Six predictions for CIOs. Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT operations become service-centric and business value-focused, rather than process-driven and reactive. Prediction 4: Risk management…
DetailsChris de Burgh: People of the World Stand Up for Freedom
This is one of the rare more private posts on this blog and this time has nothing to do with security at all. Since ages one singer was always part of my wife’s and my live: Chris de Burgh. And even if it is uncool in our kid’s world, they love him and his songs…
DetailsWindows 7 and Windows Server 2008 R2 CC EAL4+ Certified
On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+.
Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate.
A great job by the team – congratulations!
Roger
Mutual Authentication in Real Life–Launching a Nuclear Missile…
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we…
DetailsMicrosoft Security Update Guide, Second Edition
A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand how quickly you need to apply…
DetailsShould you Accept Your Parent’s Facebook Friend Request?
It is kind of strange: I worked with some kids on Tuesday on online safety challenges and mainly we talked about Facebook, Netlog, Twitter etc. We had a lot of very good discussions with them about how to protect your privacy Tonight we will talk to the parent’s of these kids and do our best…
DetailsEthisphere Institute: Microsoft amongst the world’s most ethical companies
Forbes posted: The World’s Most Ethical Companies. I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World’s Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity to trumpet their do-gooding ways. It is…
DetailsSecurity in IE9
You know that we are trying to get rid of outdated versions of IE like IE6: IE6 Countdown–Migrate to IE8 (or IE9) – as we released IE9 to the web, it is not about moving to IE8 or IE9 but moving to Internet Explorer 9. If you want to know more about IE9 security, here…
DetailsEffectiveness of SecureID reduced?
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter. To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA…
DetailsInternet Surprisingly Stable in Japan
My manager was on the Tokyo airport, when the earthquake started. We had a chat yesterday about this – he is back home in the meantime – and he told me that he was very surprised that, while the phone network broke Internet still worked and he was able to call his wife immediately after…
DetailsFraud via Phone on the Raise
FTC released their Consumer Sentinel Network Data Book for January – December 2010. The interesting and scary thing is that fraud via phone is on the raise. We get more and more complaints by customers as well, telling us that they got a call from “Microsoft†with the ask for getting access to the PC…
DetailsIE6 Countdown–Migrate to IE8 (or IE9)
10 years ago a browser was born. Its name was Internet Explorer 6. Now that we’re in 2011, in an era of modern web standards, it’s time to say goodbye. We all know that Internet Explorer is outdated and that you should move away from it to a newer browser immediately. For security, safety as…
Details10 Tough Botnet Questions
Botnets are one of the toughest problems in the world of Cybercrime today. At least, this is what we think… ENISA just published an interesting paper called Botnets: 10 Tough Questions, which raise questions about e.g. the size of botnets or better the way the size is estimated etc. Basically the 10 questions are: HOW…
DetailsUpgrading from Windows 1 to Windows 7
You might have seen this experiment but it is absolutely astonishing. A guy called Andy from Scotland tested the upgrade path from Windows 1 through to Windows 7. 10 minutes worth investing if you want to get some nostalgic feelings: Here is the original blog post: Chain of fools : Upgrading through every version of…
DetailsIs Remote-Application-Removal Acceptable?
I just read this article on Google pulling 50 applications from their Android marketplace (Google uses remote delete to remove Android apps from smartphones – Update). A very good decision as these apps leverage an exploit to access user data. However, what made me think is that they removed the applications from the devices. This…
Details