Roger Halbheer on Security
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled…
DetailsA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards.…
DetailsThe Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications Patch the Operating System Minimize the use of local admin Application whitelisting … Looking at these 35 strategies, the DSD claims that While no single strategy can…
Detailsl am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there allowing a wide adoption of…
Detailslt is time again! The Council of Europe Octopus Conference on Cooperation against Cybercrime is taking place this week. This year it is even the 10th anniversary of the Budapest Convention. Therefore a broad country of legal, law enforcement and private sector organizations are discussing the current state and the future of the collaboration to…
DetailsI have to admit – it is not my title but it caught my attention. Over the course of the last few years, the term “Cyberwar†came up all over the place. I was recently reading a book on it, where there was a chapter called “Definition of Cyberwar†and I thought that finally somebody…
DetailsA few years back a customer’s CSO left the room when I said that this customer should start thinking about a scenario, where selected users bring their own devices – he called me “nutsâ€. Well, I think the smartphone area proofed me right. Basically the smartphones were the first Bring Your Own Device (BYOD) as…
DetailsAs I said in one of my recent posts Comparing Windows Phone 7 and iPhone, there are very few apps I am (and now was) missing on my Windows Phone 7 compared to what I know of the iPhone Apps. Actually the one which I was really missing was something like Peaks on the iPhone…
DetailsI tried to convince my wife that using the Windows Phone 7 to keep track of the shopping to do is a cool idea. Well, she is not there (yet). And now I saw the latest commercial…
Probably I should convince my kids, not my wife 
Roger
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what…
DetailsIf you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way…
DetailsThe Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going…
DetailsI know, that’s the second time now I am doing this comparison thingy and I promise that I will stop again and deliver you a cool tool as the next post but I read this article: Why I’ve finally had it with my Linux server and I’m moving back to Windows – be sure that…
DetailsWell, I have to admit – I am biased. I never used an iPhone in my life and based on my experience with my iPod, I hope I never have to, but who knows. I really do not like the UI which – to me – is everything but user friendly and the worst thing…
DetailsA lot of countries are currently looking at their capabilities to defend their networks as well as leveraging technology for offense doing “Cyberwarfareâ€. Let’s now not debate where this starts or ends… Pakistan is another example: Pakistan to open cyber warfare school I can understand where governments and militaries are coming from but this deeply…
DetailsA few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.…
DetailsThis is actually an interesting approach: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com. This leads to the discussion I have so often: What is more important? The single website or the greater good? Now, do not get me wrong: I see the risks of VeriSign taking down microsoft.com because a blog hosted there…
DetailsIt is not that rare for Law Enforcement that they use software to spy in the case of severe accusations like terrorism. What is kind of surprising is the level of sophistication some of these Trojans seem to have – and not necessarily to the good side. The German Chaos Computer Club analyzed the Trojan…
DetailsInteresting: Microsoft takes the Android profit, the Wonkas take the pain I quote: Yet Android costs Google billions, without drawing revenue. Microsoft is making half a billion a year from Android. The settlement with Oracle, when it eventually comes, will add even more costs to working with Android – for anyone who dabbled with it.…
DetailsAlways something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only†– in this case Android: Hackers using QR codes to push Android malware. If you use a code such as this (source: ZDnet Article referenced): You will be redirected…
Details