Roger Halbheer on Security
If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way…
DetailsThe Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going…
DetailsI know, that’s the second time now I am doing this comparison thingy and I promise that I will stop again and deliver you a cool tool as the next post but I read this article: Why I’ve finally had it with my Linux server and I’m moving back to Windows – be sure that…
DetailsWell, I have to admit – I am biased. I never used an iPhone in my life and based on my experience with my iPod, I hope I never have to, but who knows. I really do not like the UI which – to me – is everything but user friendly and the worst thing…
DetailsA lot of countries are currently looking at their capabilities to defend their networks as well as leveraging technology for offense doing “Cyberwarfareâ€. Let’s now not debate where this starts or ends… Pakistan is another example: Pakistan to open cyber warfare school I can understand where governments and militaries are coming from but this deeply…
DetailsA few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.…
DetailsThis is actually an interesting approach: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com. This leads to the discussion I have so often: What is more important? The single website or the greater good? Now, do not get me wrong: I see the risks of VeriSign taking down microsoft.com because a blog hosted there…
DetailsIt is not that rare for Law Enforcement that they use software to spy in the case of severe accusations like terrorism. What is kind of surprising is the level of sophistication some of these Trojans seem to have – and not necessarily to the good side. The German Chaos Computer Club analyzed the Trojan…
DetailsInteresting: Microsoft takes the Android profit, the Wonkas take the pain I quote: Yet Android costs Google billions, without drawing revenue. Microsoft is making half a billion a year from Android. The settlement with Oracle, when it eventually comes, will add even more costs to working with Android – for anyone who dabbled with it.…
DetailsAlways something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only†– in this case Android: Hackers using QR codes to push Android malware. If you use a code such as this (source: ZDnet Article referenced): You will be redirected…
DetailsOur Digital Crimes Unit just took down another one: After Rustock and Waladec, now comes Kelihos.
This is another great success in fighting criminals. If you want to read more: Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case
Roger
Sorry but you do not get a date (I do not have one either). I was just reading an article on Bink.ru with a nice representation of the Windows timeline 
Roger
Over the course of the last few years we have seen some countries having constantly low infection rates. So, our team in Trustworthy Computing started to ask the question why this is the case. The countries are Austria, Finland, Germany and Japan. I think it is worth y look at them: Part 1: Introduction to…
DetailsWe have our Financial Year closing in end of June. This means, it is Performance Review Time at Microsoft and it is by far not that bad. But I love Dilbert:
We have seen some of the attacks recently, where people started to attack either the locks or the technology/software in the car itself controlling the chassis etc. On DarkReading I was just reading this article: Car Systems Reminiscent of Early PCs One of the things I do not get with cars is the way they…
DetailsAnd interesting development tonight: Based on what happened with DigiNotar recently (especially with the false certificates for *.google.com), the Dutch government decided to have an official statement and in there to take over operations of the CA. The official statement (in Dutch) can be found here. The key problem is that the certs were used…
DetailsI just read an article on SANS: DigiNotar breach – the story so far. To be clear: This is not a Microsoft analysis nor any official statement from us. What we have to say is in the advisory: Microsoft Security Advisory (2607712) – Fraudulent Digital Certificates Could Allow Spoofing. It just gives an interesting overview…
DetailsA result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack: For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found…
DetailsThis is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides encrypted in the…
Details
