Roger Halbheer on Security
There was and still is a lot of noise regarding the Internet Explorer vulnerability reported in Microsoft Security Advisory 979352 – including the normal discussion about which browser is most secure. A discussion I do not want to get into here but I think it is necessary to lay out the facts instead of all…
DetailsI guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution. The reason for that is that our investigations have shown that this vulnerability was one…
DetailsThe recent IE attacks have show again that the current technology built in Windows Vista and Windows 7 could at least help to mitigate the attacks. One of these technologies which could be used more broadly is Data Execution Prevention (DEP). Here is how to switch DEP on (it is fairly well hidden). First, enable…
DetailsOften when I talk to our customers and they ask me about the cloud, a lot of questions come up. Most of them are security related (obviously) but some of them are more management focused. For example the question about how to manage a hybrid environment, where part of your business is run on premise,…
DetailsA few days ago, I blogged on Tired of Web 2.0? Kill your Online Identities – an automated way to “disappear†from Web 2.0 (actually Facebook has banned the tool since…). Today, I was reading an article called Un-Google Yourself. Trust me, I am not explicitly looking for such approaches but seem to find them…
DetailsNo, this is not a joke. If you are tired of all the discussions about Web 2.0, the privacy breaches and the related problems, you can commit Web 2.0 Suicide. There is a Web 2.0 Suicide Machine – but we warned before you do it – this process seems to work and is not reversible.…
DetailsWhen the industry prepared for the Year 2000, I was working in a consulting company living good from doing reviews on Y2k-projects. Then the year 2000 came and nothing happened (besides a big party). Then year 2010 came – and the bug actually got hold of us. Initially I thought that I was reading a…
DetailsWell, in my last post I wrote about the prices for malware. Today I read the next evolution of this: The possibility to have malware tested against anti-malware tools – not to make sure malware is really recognized, no, the other way round: To make sure it is not recognized. I read this article on…
DetailsI know that Christmas is over and I know how my kids actually compile a Wish List: They take most of the ads (which are targeted to them) and glue them onto a piece of paper for Mom and Dad to make sure that everything can be found under the Christmas tree… I guess you…
DetailsWhen I tweeted last week that I am on my way to Algeria, I got quite some reactions and questions that I shall report how it was. So, let me try to briefly summarize my impressions. I was invited to speak at a conference on certification in Algiers. Well, initially I pushed back as I…
DetailsToday we were adding 17 additional markets to our Microsoft Security Essentials offering. I am really excited about that as all these markets are in EMEA: Algeria, Bahrain, Egypt, India, Jordan, Kuwait, Lebanon, Morocco, Oman, Pakistan, Qatar, Romania, Russia, Saudi Arabia, South Africa, Tunisia, and the United Arab Emirates. Additionally we added Russian an Romanian…
DetailsThis is a pretty interesting approach: During the Copenhagen conference now, United Nations Environment Programme, esa and the European Environment Agency launched a website called the Environmental Atlas of Europe. The goal of this atlas is to give examples where people, organizations or communities are already working on the climate change challenge and what they…
DetailsLast week there was quite some discussion about “successful attacks†on Bitlocker. Those discussions are often quite interesting for me as they show sometimes that people are looking for one technical solution for all the problems. Bitlocker has a clear threat model it wants to protect you from. This is mainly the loss of your…
DetailsYou know, there are people who blog late, there are people who blog very late and then there is me… I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I…
DetailsIt has nothing to do with security – I know but it is very, very, very cool!!!! We just released the new Bing Maps explorer! The first thing you will see is that we integrated Photosynth and Silverlight. So, no tiles anymore when loading a map. It just comes smoothly. And zooming in to photos…
DetailsOh, wow – sometimes the power of social media, the blogs and the Internet can backfire. I guess in the meantime you have seen the claims by Prevx that approx. 80 Mio of PCs are affected by the Black Screen of Death problems supposedly caused by our November Security Updates. This caused (and still causes)…
DetailsYou know that I am a big fan of Security Development Lifecycles as we run it internally to build code which is more resilient against attacks. And I recently blogged on Security – A Feature Discussion? Some Thoughts on Google’s Chrome OS as I am convinced that it is much more important to look into…
DetailsIt is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex…
DetailsThis is a nice feature – on this page http://www.microsoft.com/windowsazure/support/status/servicedashboard.aspx we show the current state of our Azure services. This is the kind of transparency (on the operations’ side) we need. There is much more needed with regards to process transparency but this is a great first step
Roger
To be clear upfront: This is not a “Microsoft versus Google†post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite some questions how we look at security: Inside the Google Chrome OS security model. This article, like so many when security of an Operating…
Details