A Security Comparison: Microsoft Office vs. Oracle Openoffice

Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation…


Achieving Compliant Data Residency and Security with Azure

We recently published an interesting paper to address a concern we hear often – Compliance with regards to data residency and security. The paper covers this: This paper provides guidance about the security, data residency, data flows, and compliance aspects of Azure. It is designed to help you ensure that your data on Microsoft Azure…


Adaptive Network Hardening in Azure Security Center

When you see security incidents “in the Cloud” they often link back to misconfigurations on the networking side: Public interfaces being open, public ports being misconfigured etc. Our customers often find it hard to really understand and control the Network Security Group’s settings. Therefore, we now released Adaptive Network Hardening in public preview. To quote:…


Additional Conficker Guidance

Yes, Conficker is far from being over. We still see a lot of infections. Therefore we decided to publish additional guidance for Conficker:

Microsoft Conficker guidance page for IT Professionals and those focused on security in the enterprise: http://technet.microsoft.com/en-us/security/dd452420.aspx

Microsoft Conficker guidance page for consumers and home users: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx


Advisory for the ASP.NET Vulnerability

We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET…


Agile and cats and dogs – or why engineers and managers are different

Managers often do not understand the engineers – and engineers do not understand what drives a manager. A typical conflict, which gets worse when we enter the world of agile development methods. Control and processes lose importance, speed and therefore “gut feelings” need more focus. Günter Dück, former CTO of IBM Germany had a very…