Dilbert on Cloud Computing
The worst thing is, that there is some truth in that:
At least, this is what I see often, before I talk to customers
Roger
Exciting News from the Consumer Electronics Show in Vegas
After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements
Roger
Targeted Attacks: The Biggest Risk in 2011?
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night.
BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears
I think that this is a real issue and very hard to fight!
Roger
My Blackberry Is Not Working!
That’s absolutely great and worth spending the few minutes – enjoy:
Roger
I sold my soul to Google, can I get it back?
Well, this question was not asked by me but by a guy called Joe Wilcox on Betanews: I sold my soul to Google, can I get it back?. He raises a few points I never really thought of: While the organizations all charge something, not one puts content behind a true paywall. To do so…
DetailsOn the effectiveness of DEP and ASLR
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and…
DetailsMitigating the use of Local Admin
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a guest blog. General Goals of Strategic…
DetailsBehind the Curtain of Second Tuesdays: Challenges in Software Security Response
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of Second Tuesdays: Challenges in Software…
DetailsSecurity Development Lifecycle: Quick References
A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the perspective of multiple business roles – business decision maker, architect, developer, and tester/QA. These papers will help you address a critical…
DetailsPublishing Secret or Sensitive Information
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not able…
DetailsThe Cloud is Also Green
Yes, not only gray Seriously, we commissioned a study to see what the impact of cloud computing is not only to efficiency but the the environment. Can you save CO2 by moving to the cloud? I think something, we do not look at often enough. As pictures say more than 1000 words, here you see…
DetailsInformation Security Management System for Microsoft Cloud Infrastructure
Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft’s Cloud Infrastructure, as well as some of the processes and benefits realized from operating this model.…
DetailsNew Baselines for the Security Compliance Manager
There were just new resources released for the Security Compliance Manager: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, and setting packs for Windows 7 and Internet Explorer 8. This packs help you to manage your security and compliance. The Security Compliance Manager works with the Microsoft Assessment and Planning…
DetailsBasic Malware Protection for Free?
It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed†by the user as well… However, it seems that not everybody is happy… Security firms blast Microsoft…
DetailsFixing Risk Management
Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we did it was fairly simple (as probably most of…
DetailsThe Value of Government Clouds
We recently released a paper called The Economics of Cloud Computing for the EU Public Sector, which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well.
Now, Gartner commented on it as well with “Microsoft offers a refreshing perspective on government clouds”.
Turkey signed Cybercrime Convention
We are huge supporter of the Convention on Cybercrime by the Council of Europe. The reason for this is that we are convinced that there is a need of a certain level of harmonization across the Globe regarding cybercrime laws. Today I learned, that Turkey signed the convention yesterday. This is a great achievement and…
DetailsHotmail now with full-session SSL
If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that:
Hotmail security improves with full-session HTTPS encryption
Roger
ISF Congress in Monte Carlo–let’s meet
I will be at the ISF Congress in Monte Carlo from tomorrow on. If you are there as well and want to meet, drop me a mail
It is actually the first event since a long time I am just going to participate, not to hold any speeches 
Roger