Roger Halbheer on Security
You know that we release our Security Intelligence Report twice an year: Today Version 6 is due. Let me try to give you an overview of the “highlights†of the report from my point of view: As I wrote in the title and as I blogged about this summer („Scareware“ on the Raise) one if…
DetailsI basically like the blogosphere. It is a way to express an opinion without having to worry (too much) about censorship. The disadvantage is that there are people who present things as “factsâ€, which are simply wrong. This happened Thursday on ZDNet. I stumbled across an article called It’s time for Microsoft to supply ALL…
DetailsI just found this pretty clever website which bases its statement with regards to your possible Conficker infection on the information whether you are able to access certain websites:
http://www.joestewart.org/cfeyechart.html
Pretty clever
Roger
Since quite a while, when I am talking to government officials (and the private sector) I am asking for new ways of collaboration between Law Enforcement and the industry in order to fight cybercrime. We are already seeing big progress when it comes to training where the different bodies came closer together. However, there is…
DetailsWill the Internet world end on April 1st? This is at least the impression I got from reading the press in the last couple of days. It seems that some story spun off and started to develop a life of its own. What is really going to happen on April 1st? I quote the blog…
DetailsI pretty often have discussions about Patch Management with our customers. I think it is a very important discussion as I see too many customers not patching at all. However, taking the shining examples – they often look at the Microsoft product suite “onlyâ€. You might remember that I blogged about my experience with this…
DetailsI would love to know… You probably saw a lot of blog posts recently about “Conficker to strike back on April 1st†or similar. If you are interested in what is know about Conficker and April 1st, read our encyclopedia entry on Conficker.D and you should choose the “Analysis†tab there, which gives you the…
DetailsI was recently caught in a tricky problem: The clock of one of my host servers ran out of sync.. – significantly. The core problem was that my Mediacenter (which is domain integrated) started to record about 6-8 minutes too late but this is not the reason why I post. The actual reason was that…
DetailsYou might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should consult our Security Research & Defense Blog, where we posted MS09-008: DNS and WINS Server…
DetailsRecently I decided to spend some time to implement some new technologies in my environment at home. The environment itself is a mixture between test and production. If you are reading this post on www.halbheer.info/security, you are already accessing this environment. So, I host my web server, mail server etc. there, all our private mails…
DetailsWell, it is actually not “on Cybercrime†but on “Cooperation against Cybercrime†Today and tomorrow this conference takes place at the Council of Europe in Strasburg. The Council of Europe developed a convention on cybercrime, which is actually very good and helps to harmonize legislation. Unfortunately the convention is not yet ratified in a lot…
DetailsI only believe the statistics I forged myself So, once more, there is a debate on which browser is the most secure, who fixed which vulnerabilities how fast. The Secunia Report 2008 was just published and it seems that this injects once more the fire about browser security. Out Jeff Jones just posted at CIO.com…
DetailsI like that: As you probably know, I did a tour through the Gulf when we launched the Security Intelligence Report last year. One of the reasons was that we know that the Gulf has a pretty high malware infection rate. You can read this in the corresponding blog post: Security Intelligence Report v5 Live!…
DetailsI recently had a chat with Tonny Bjorn after my recent blog post and he pointed me to a solution he is using to have users running as non-admin on Windows XP and still having the ability to elevate: He uses a freeware called Sudo for Windows and seems to be fairly happy with it.…
DetailsBefore I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of…
DetailsDuring Conficker we realized that a lot of customers are on unsupported OSs. I would like to draw your attention to a few things: There is a webpage called Microsoft Support Lifecycle where you find all the information on the lifecycle of our products. Let me just quote two things: Through the policy, Microsoft will…
DetailsI just want to make sure you have seen it: There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft Security Advisory (968272) From what we…
DetailsA few days ago, we released the Security Compliance Management Toolkit. I think that this toolkit might definitely help you to secure your environment and monitor it against a security baseline
Security Compliance Management Toolkit Series
Roger
This is an interesting paper from Microsoft Research. Now, before you read it: This is research and be no means a commitement to develop it for IE 9.
The Multi-Principal OS Construction of the Gazelle Web Browser
Roger
