Roger Halbheer on Security
Henk van Roest, our EMEA Security Program Manager is running a pretty successful internal blog. Before summer vacation he started a series called “Why it pays to be secure†which I think has some great information in it. I asked him then to go public with it but he told me that he is not…
DetailsNSSLabs just recently published a study on browser security with regards to Phising and Malware protection, which we comissioned. To take it upfront: The whole methodology is transperent and therefore rather than challenging the results, let’s learn from them how we can improve. As I do not want to take the joy away for you…
DetailsI just stumbled across an interesting blog post named Legal Implications of Cloud Computing. I am not a lawyer and therefore unable to judge the details but overall it gives a good view of the risks and challenges.
Roger
I have to admit: When I first learned about Windows 7 XP Mode I was quite surprised. How can we actually ship an XP Virtual Machine with Windows 7? Well, then I started to think (no, it did not hurt too much )… But before I share my findings with you, let me tell you…
DetailsThat’s new: We have Windows Server 2008 Hyper-V Common Criteria EAL 4+ certified. The new thing is that we certified it in Germany by the BSI (Bundesamt für Sicherheit in der Informationstechnik). You can find the report here: https://www.bsi.bund.de/cae/servlet/contentblob/612768/publicationFile/35487/0570a_pdf.pdf
Roger
Not really serious – just fun (or isn’t it??):
Roger
I know that these news are not new but I was away when we announced it and to me it is important enough to take it up afterwards. Over the last few months we worked on a document explaining everything which is going on around an Update Tuesday. So, what is an Advanced Notification, what…
DetailsI guess you remember the day back in 2003: I was actually on vacation when I was called in back to the Microsoft offices as we had some strange things going on… It was the day of the Blaster breakout. The first time I personally had to deal with a very severe incident here at…
DetailsAs you might have read, I recently blogged about my infrastructure and the future of a platform towards a better management of compliance. I wrote about Deploying PKI Time Sync on Virtual DCs Patch Management, a key step towards compliance! Especially the Time Sync post was more about a technical challenge rather than a high-level…
DetailsThis has absolutely nothing to do with security but is a lot of fun: A few years ago, I read an article about Geocaching. Basically, this is a treasure hunt using GPS. Wikipedia describes it like that: Geocaching is similar to the 150-year-old game letterboxing, which uses clues and references to landmarks embedded in stories.…
DetailsI saw a lot of chatter on blogs and Twitter about Windows 7 E (the European edition without Internet Explorer). On July 24th, we published a new proposal on that. Read our statement yourself: Microsoft Proposal to European Commission
Roger
It is pretty typical – these things often happen, when I have a really bad Internet connection ;-). However, I am back home and the connection is kind of better now… I guess you have seen and heard about the two out of band updates we shipped yesterday. They are kind of special and I…
DetailsA few months ago, I already had some discussions with Eugene Kaspersky during an event of the Council of Europe on Cybercrime, how to address cybercrime on the Internet. At the moment, I am at a very, very slot connection and just got, what I saw on my RSS feed enclosure and could not verify…
DetailsWell, as I am not really working, just a quick one: http://isc.sans.org/diary.html?storyid=6787&rss
Roger
The day before yesterday we opened the Windows 7 and Internet Explorer 8 Security Baselines Beta and would look forward to getting your feedback and comment. So, sign up for it if you are interested: Sign-Up Now for the New Windows 7 and Internet Explorer 8 Security Baselines Beta Opening July 13th!
Roger
As you know, I am a big fan of the concepts behind Network Access Protection as it allows to dynamically define zones on you network. We just published a whitepaper called Manage Network Access Protection at Microsoft: Network Access Protection (NAP) is a powerful new Windows Server 2008 feature that can help protect networks from…
DetailsJust some fun before I leave for vacation: http://www.youtube.com/watch?v=VUawhjxLS2I
BTW: Office 2010 really rocks – I am running the Technical Preview since quite a while now…
Have a good summer
Roger
This is “real†hard-core security. If the ATM feels that it is tempered with, it releases pepper spray. It is kind of a “self-defense†mechanism. I just hope it never thinks that I am tempering with the machine when I just want to get money…
Roger
I often see a lot of discussions on Information Warfare. Today I just stumbled across a paper published by RAND called Strategic Information Warfare – A New Face of War – from my first impression definitely worth reading
Roger
I often get asked about Distributed Denial of Service (DDoS) attacks, how it works and what role we can play to prevent them. So, let me start with the first part of it: Our Security Intelligence Report version 5 talked about the underground economy and actually explained what is happening before a DDoS takes place.…
Details