Roger Halbheer on Security
I really love reading Kim Cameron’s Identity Weblog. Fairly often it is thought provoking… He recently wrote about his experience with the new iPhone privacy policy: Apple giving out your iPhone fingerprints and location. He was one (probably of the very few) reading the privacy policy and found the following statement: Collection and Use of…
DetailsI think I told the story thousands of time and everybody knows it but I will do it the 1001st time now . When I joined Microsoft and became what is the Chief Security Advisor for Switzerland today, we had an airlift for Windows Server 2003. The Product Manager in Switzerland asked me to keynote…
DetailsSteve Ballmer was once asked by a journalist whether and why he allows blogging by Microsoft employees, without any approval process. His answer was that he lets Microsoft employees talk to customers without approval process as well (at least that’s the story which was told ). You know that I am a big fan of…
DetailsSometimes I wonder whether I am too paranoid. I just got a call, which went like that: Caller: “Hello, we are doing a health insurance survey and have just three questions for you, would you mind to join in? Just 20 seconds. We do it for Health Insurance statistics.†Me: Was in a very good…
DetailsIt is an interesting and difficult question. What can we do to really be able to stay on top? Or shall we give up? Well, clearly, I do not think so. I read this article today, which really made me think: Black Hats are Winning, Symantec Says – wow! A fairly clear statement. We lost…
DetailsI am convinced that there are workloads that can and should be moved to the Cloud: For security reasons as well as for economical reasons. E-Mail might well be the first one of them.
There is a good post on that: Editor’s Note: Email, the Lowest-Hanging Fruit of the Cloud
Roger
I blogged often about it: Blocking certain websites today can fire back in different ways. The CIO published an article called Workarounds: 5 Ways Employees Try to Access Restricted Sites – and they say: “Some workarounds can be dangerous because they might create a channel that data can flow out through that is not managed…
DetailsIf you do not know this blog, it is definitely worth looking at it from time to time: Paleo-Future. There I found a prediction on cybercrime dated 1981: It describes the impact of computers in the “future†– say today. If you click on the picture, you can see the original. There is a good…
DetailsThis month it is pretty important to read the Security Research and Defense blog post: Assessing the risk of the August security updates
It might help you to get an overview on the biggest release ever
Roger
I just read this article E-crime unit arrests suspected phishing gang, which shows that we are making progress in fighting cybercrime. Very good news
Roger
You know my opinion on collaboration between countries, on public-private-partnerships as well as on collaboration between companies. Since quite a while we run a program called MAPP – the Microsoft Active Protections Program, where we share vulnerability information with security vendors to help them to get signatures out to our joint customers the moment we…
DetailsThis is always a fairly emotional theme. What is better to protect the ecosystem? Public or private disclosure? Should somebody paying for vulnerabilities or not? Is a vulnerability auction ethical or not? I know that there are numerous views on that and I do not want to debate them here and now. What I just…
DetailsAfter my overall announcement that we grow the community in Off to See the World, and Stuart Aston joining as the CSA in the UK, it is a great pleasure to see Magnus Lindkvist coming back. Magnus was the CSA in Sweden a few years back and accepted the offer now to come back and…
DetailsAs you have seen in my post Off to see the World, we are hiring Chief Security Advisors all over the place. The first one was announced last week: Stuart Aston was announced to take over the Chief Security Advisor in the UK.
Have a good start!
Roger
And everybody tells me how secure they are….. So,according to this article Secunia: Apple makes the most vulnerable software in the market today, apple hast most vulns, then Oracle and then us (and then the rest). And you know, the interesting thing is that the comparison is not “apples with apples†as we tend to…
DetailsEven though it might be obvious, compliance is not only about protecting data but identities as well – and more. Jon Collins, Freeform Dynamics, whom I value high, wrote a good article: Doing the right thing on ID management isn’t enough… – you should read it!
Roger
The Department of Homeland Security published a report on A Roadmap for Cybersecurity Research, I was definitely impressed! All the themes, which are important to me are in their list : Scalable trustworthy systems (including system architectures and requisite development methodology) Enterprise-level metrics (including measures of overall system trustworthiness) System evaluation life cycle (including approaches…
DetailsYou know that I am not a big fan of blocking social networks within enterprises for different reasons. I just read an article on this subject based on a study by Trend Micro. One of the conclusions in the article is: Trying to just prevent users accessing social networks from work could potentially increase the…
DetailsI just wanted to remind you: The support for Windows XP SP2 ends today. I hope that this does not catch you by surprise. If you need all the information about which kind of support ends when for which product, please consult out Lifecycle page. If you have a Premier Support contract with us, your…
DetailsIf you follow my blog you saw recently that there are two themes constantly popping up: One is everything about a government’s Cybersecurity Agenda (or the lack thereof) and the second one is the Cloud. Let me briefly line them out: When I talk to governments I often feel that there is a lack of…
Details