Roger Halbheer on Security
I just read an article on SANS: DigiNotar breach – the story so far. To be clear: This is not a Microsoft analysis nor any official statement from us. What we have to say is in the advisory: Microsoft Security Advisory (2607712) – Fraudulent Digital Certificates Could Allow Spoofing. It just gives an interesting overview…
DetailsA result of a study by Kasperski lab is fairly promising – even though it shows the problem being raising up the stack: For the very first time in its history, the top 10 rating of vulnerabilities includes products from just two companies: Adobe and Oracle (Java), with seven of those 10 vulnerabilities being found…
DetailsThis is a very interesting development. Encryption generally would solve a lot of problems around data sovereignty. So, encrypting the data, keeping the key and moving the data to the public cloud could basically address a lot of the risks. Today, it comes with a high price as the data which resides encrypted in the…
DetailsA very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of our…
DetailsI know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun Just a quick one: The MMPC on Facebook and Twitter The Microsoft Malware Protection Center (MMPC) officially launched its Facebook page…
DetailsYou heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private. cloud. If not, here it is: Security Considerations in a Private Cloud To complete the series now, we released an additional paper on how these considerations can…
DetailsAs you might remember, on Match 16th Microsoft together with other industry players was successfully able to take down the Rustock botnet and thus significantly reducing the spam level. We now just published a special Intelligence Report on this botnet: Read an overview of the Win32/Rustock family of rootkit-enabled backdoor Trojans background, functionality, how it…
DetailsI am talking a lot about Cloud Security. There are a few observations I made: Even though a lot of people are talking about the Cloud, there is still not too much knowledge about it. What is a private Cloud versus a public Cloud? What is Infrastructure as a Service, Platform as a Service, Application…
DetailsBack at the times of outsourcing, there was real tension between IT and the business. Internal IT had the “comfortable†position of having a monopoly: The business used the internal IT and basically just had to pay the bill. Then times came, where the business was not satisfied anymore. That basically started with the time…
DetailsOne of the things which surprises me often, when talking to customers is, that they do not know, when certain (key) products run out of support – and therefore no security updates will be shipped. You should include the following dates in your plans: Windows XP Home: Mainstream support ended 4/14/2009 Windows XP Professional: Extended…
DetailsYou might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom†of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important as version…
DetailsThis is actually a great speech but very, very, very scary:
and the scariest part is that I never looked at it that way but he is right
Roger
Wow, I guess the reason for you clicking on the link is this statement – right? Well, “unfortunately†I cannot claim ownership of it. It was made by a Google representative during an interview in Australia: Google: Who cares where your data is? To me, the whole Cloud discussion sometimes drives into interesting directions. I…
DetailsQuite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just published a paper about how we use this File Classification…
DetailsWe often talk about consumerization of IT. The advantages are huge – and so are the risks. The key challenge is, that we increasingly started to rely on devices built for consumers to safeguard our company’s – or even worse our country’s – secrets. Consumerization is huge and makes a lot of sense from a…
DetailsThis is not surprising as I guess they are not alone: China’s Blue Army of 30 computer experts could deploy cyber warfare on foreign powers However, what really scares me is, that I expect governments to train more people than they really need – or some of them might be laid off during priority shifts…
DetailsThis is actually a great development to fight Child Porn:
Facebook adopts PhotoDNA and joins Microsoft and The National Center for Missing & Exploited Children to disrupt the proliferation of online child exploitation.
You find the information here.
Roger
Yesterday we released our Security Intelligence Report v10. A few highlights/lowlights from the Key Findings section: Industry vulnerability disclosure trends continue an overall trend of moderate declines since 2006. This trend is likely because of better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities. Vulnerability disclosures…
Details