Are You Focused On The Wrong Security Risks?
There are some high-level indsutry trends, which tend to be ignored by security officers. The CIO Central published an article, which I would even go further looking at the trends raised.
DetailsPhishing still very effective: 35 cards in 5 hours
I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same…
DetailsFrom the Inside: Our CISO on Cloud Security
If you evern wondered, what our CISO thinks about security in the Cloud, you should listen to him directly.
DetailsHow to Build a CERT
Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The questions then always comes up: How do you do that? ENISA (European Network and Information Security Agency) just published a step-by-step guide on how to do this…
DetailsConclusion on UNODC: Open Ended Expert Group on Cybercrime
I blogged about my attendence at the above mentioned UNODC meeting. This is a short summary on how I preceived the meeting.
DetailsAttacks on Application Level
As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications
DetailsUNODC: Open Ended Expert Group on Cybercrime
From tomorrow on, UNDOC invited for an Open Ended Expert Group on Cybercrime in Vienna. I am really interested in seeing hoe these discussions will go. If – by any chance – you are there as well, please ping me and we will have a chat. Otherwise, I will see what I can blog about.…
Details
Cybercrime as a Service–Our Future?
It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way back, there were discussions on how to leverage GPUs to crack passwords: Graphics Cards…
DetailsDilbert on Cloud Computing
The worst thing is, that there is some truth in that:
At least, this is what I see often, before I talk to customers
Roger
Exciting News from the Consumer Electronics Show in Vegas
After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements
Roger
Targeted Attacks: The Biggest Risk in 2011?
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night.
BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears
I think that this is a real issue and very hard to fight!
Roger
My Blackberry Is Not Working!
That’s absolutely great and worth spending the few minutes – enjoy:
Roger
I sold my soul to Google, can I get it back?
Well, this question was not asked by me but by a guy called Joe Wilcox on Betanews: I sold my soul to Google, can I get it back?. He raises a few points I never really thought of: While the organizations all charge something, not one puts content behind a true paywall. To do so…
DetailsOn the effectiveness of DEP and ASLR
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and…
DetailsMitigating the use of Local Admin
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a guest blog. General Goals of Strategic…
DetailsBehind the Curtain of Second Tuesdays: Challenges in Software Security Response
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of Second Tuesdays: Challenges in Software…
DetailsSecurity Development Lifecycle: Quick References
A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical…
DetailsPublishing Secret or Sensitive Information
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not able…
Details