Yesterday we released our Security Intelligence Report v10. A few highlights/lowlights from the Key Findings section: Industry vulnerability disclosure trends continue an overall trend of moderate declines since 2006. This trend is likely because of better development practices and quality control throughout the industry, which result in more secure software and fewer vulnerabilities. Vulnerability disclosures…Details
Internet Explorer was certified early May with a seal of â€œtrusted softwareâ€, which is great news in my opinion. Here is the English translation of the official press bulletin: Internet Explorer 9 passed the review of TÃœV Trust IT GmbH and carries the official TÃœV seal approval from today on. Within the framework of the…Details
A good paper: NSA – Best Practices for Keeping Your Home Network Secure
To me, one of the benefits of moving to the Cloud is security â€“ obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sonyâ€™s game network being significantly compromised. This is definitely not to blame them but I was heavily…Details
Fairly often I am asked whether the Security Guides for our products still exist. The good news is: They do. The bad news is: They are called differently The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool, which I blogged about several times already (e.g. New…Details
You might know the problem if you are working in consulting: You have to fill out the report, form whom you spent your time. And then you forgot to fill in the tool and all of a sudden you have a hard time figuring out where you have been. There is a revolution: iPhone solves…Details
Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation…Details
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed Forces Law Enforcement Judges…Details
An interesting article by ISACA: Six predictions for CIOs. Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT operations become service-centric and business value-focused, rather than process-driven and reactive. Prediction 4: Risk management…Details
This is one of the rare more private posts on this blog and this time has nothing to do with security at all. Since ages one singer was always part of my wifeâ€™s and my live: Chris de Burgh. And even if it is uncool in our kidâ€™s world, they love him and his songs…Details
On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+.
Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate.
A great job by the team â€“ congratulations!
Thatâ€™s really interesting:
Impressive! Kudos to MIT
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether we…Details
A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand how quickly you need to apply…Details
It is kind of strange: I worked with some kids on Tuesday on online safety challenges and mainly we talked about Facebook, Netlog, Twitter etc. We had a lot of very good discussions with them about how to protect your privacy Tonight we will talk to the parentâ€™s of these kids and do our best…Details
Forbes posted: The World’s Most Ethical Companies. I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World’s Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity to trumpet their do-gooding ways. It is…Details
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter. To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on any of our RSA…Details
My manager was on the Tokyo airport, when the earthquake started. We had a chat yesterday about this â€“ he is back home in the meantime â€“ and he told me that he was very surprised that, while the phone network broke Internet still worked and he was able to call his wife immediately after…Details