Roger Halbheer on Security
I was recently pinged by a customer asking for the “real†version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and want to re-enforce…
DetailsOn February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets. Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the…
DetailsWell, you know, fairly often when I look at showcases I am a little bit disappointed I have to admit. Mainly because the technology which is shown is really cool and I would love to leverage it – just it works in the US only. Or better, it works across the globe but the data…
DetailsYou know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discussion…
DetailsI was reading two BBC articles this morning. Wow, this is scary, isn’t it? Look at the pictures below: I do not think that I would have seen that… It even has an integrated camera which is switched on, when you move the card in. That’s the original article: Would You Have Spotted the Fraud?…
DetailsIf you are running a blog, you might most probably use one of the websites which show where your user come from – no? Like Clustrmaps, which I used for a few years. Then I found a new one, which I like much more as it gives me more information. If is called WorldMaps and…
DetailsThere is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty interesting statistics in. In order to judge the results and statistics of this database, we have…
DetailsTonight I got this article forwarded to me: Afraid of outside cloud attacks? You’re missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your†cloud from the outside, you are missing the real problem as the insider threat is still bigger. When I read the article,…
DetailsI was looking at some research done by Forrester which could be interesting for you as well. They try to lay out the landscape with regards to data protection for you and it looks fairly compelling. So if you are interested in the situation of the different Privacy laws across the globe and how Forrester…
DetailsTo start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we…
DetailsI often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is…
DetailsOur EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your…
DetailsIf you are a regular reader of my blog, you might have been surprise today – but yes, it is still my blog 🙂 From time to time I am looking into different ways of doing things. I ran my blog until now on SharePoint 2007 and an extension I found on Codeplex, which is…
DetailsIt is so old: Software telling you that you are infected and that you have to install this latest security software immediately. You can bet that this then installs malware on your PC instead of cleaning it. We mentioned this problem already in the first chapters of our Security Intelligence Report v7. And it was…
DetailsAs it happens: I have been skiing last week (the weather was gorgeous) and now I am back (unfortunately) and confronted with the next Internet Explorer 0Day vulnerability, which already causes noise – in my opinion too much for the real technical problem. If you read the blog post of the Microsoft Security Response Center…
DetailsAs you all know, I have two main pet themes: Risk Management and Compliance Management as I see very often that there is room for improvement when it comes to such processes within our customers. Internally, we often think about how we can make it easier for our customers to manage compliance in their networks.…
DetailsI just worked my way through the list SANS published. Looking at the list it is not surprising but scary to see which errors made it to the top of the list: Cross-site Scripting SQL Injection Classic Buffer Overflow Cross-Site Request Forgery Improper Access Control It shows as we often say that the attacks moved…
DetailsI read this article this morning: Safer Internet Day: How children can undermine corporate security and it actually reminds me of all the PCs I looked at in my private environment. When I see a heavily infected PC, the parents always keep telling me that the Peer-to-Peer network software on the PC was installed by…
DetailsWhen I travel through Africa, the high piracy rate is often something we address. Not necessarily from a commercial perspective but much more from a security angle. We know that pirated software is often infected with malware and therefore used for criminal activities. However, the discussion is a difficult one as a lot of people…
DetailsWhen I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker etc.) are a serious problem but at least one we see, one we understand and one we can fight (because we see and understand it). However, my…
Details