Roger Halbheer on Security
I know that this is not particularly news but nevertheless it could well be that the non-developers out there have not yet seen this. During TechEd EMEA for Developers we announced several things around SDL and had some speeches. Some of them are public including interviews with people like Michael Howard: Video on the Announcements…
DetailsYou know that I rarely blog on Advisories we publish unless they are heavily critical. I just want to make sure that you have seen this. MSRC (the Microsoft Security Response Center) constantly updates this advisory with workarounds. Please take this very, very serious: Microsoft Security Advisory (961051) Details on updates by MSRC Details from…
DetailsOn January 28th the European Union is holding the Data Protection Day. To prepare for that, they are holding a competition for young people from 15 to 19 to express their views about online privacy. Here is the teaser:
Surf the net – Think privacy!
So, please spread the word!
Roger
I recently had the great opportunity to join the Europol High Tech Crime Experts Meeting 2008 in Den Haag. This is mainly a get together of the High Tech Crime leads of the EU Law Enforcement agencies and countries where they have a close relationship with (e.g. Switzerland, Norway, Canada etc). Additionally there are a…
DetailsI wanted to make you aware of a very important announcement we made earlier today. As you know, Trustworthy Computing is all about Security, Reliability and Business Practices. Our house has a fourth pillar - Privacy – which we view as extremely important, not only in terms of the way we manage our customers’ data,…
DetailsThere are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft’s latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker botnet makes us wonder Worm Spawns Huge New Botnet … I…
DetailsI am working on a blog post on Security and Piracy looking into the data I have available. Probably it will be ready next week but what I wanted to know: Is there anybody who did some research about this already? I would appreciate if you could let me know. I will definitely share my…
DetailsWell, you saw my post earlier this week on the 1.96% of PCs being updated according to Secuina. Well, as time does, I decided to install this tool as well to look at it. I did an initial scan on my home PC and this was the outcome: Outch, this hurts my soul but shows…
DetailsWell, honestly, I am not completely clear how statistically relevant this data point is. I just read it in a secunia blog where they published figures of users of their free solution. This is data of the last few weeks and looks into the results of the first scan of the product on a PCs.…
DetailsI am more than pleased to inform you that we announced today a partnership between EMC/RSA and us. This partnership involves the integration of EMC/RSA technology into our platform. I quote from our press release: Microsoft will build the RSA® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.…
DetailsToday I was having a discussion with a religious Mac fan claiming that the only problem with security on the Internet is Windows and then I read this article on ZDNet: Despite what blogs (and Apple) say, Macs will eventually have malware In there it is referenced that the article I was quoting yesterday seems…
DetailsThis is an interesting thing: I just read this post on ZDNet. The blamed us for being the key target for viruses and they always told me that they do not have a security problem. I am convinced that there is no software product having no security vulnerabilities and Apple proved over time that they…
DetailsOne of the questions I often get is my position on Cyber-Terrorism. I doubt that there will be “isolated†technology-related terrorism. What we see much more is the use of high-tech during classical terrorism attacks. If you look at the recent terrorism events in Mumbai, there was some pretty interesting background on it: In order…
DetailsYou will definitely have heard that we change our Anti-Malware Strategy: We recently announced that we will stop selling Windows Live OneCare and that we will launch a quality no-cost solution code-name “Morroâ€. There was quite some coverage on that but unfortunately part of the coverage was inaccurate or simply wrong. Let me give you…
DetailsJust a quick one: We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008. The certificates were posted on the CMVP website on November 25th. The Security Policy Document along with the certificates can be viewed at, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1054, and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1053
Roger
I blogged today about the worm outbreak. We are seeing an increasing number of critical support calls because of customers being infected by the worm attacking the vulnerability fixed in MS08-067. Let me be even clearer than before: The update is out now for a month and believe me: There is a reason why we…
DetailsAs we were pushing on our Out-of-Band release earlier this month we tried to make you understand that immediate deployment is needed as the vulnerability is high risk. Otherwise we would not have gone out of band… Interestingly enough, we have not seen widespread attacks since now. Earlier today now we released different pieces of…
DetailsAt the moment I am travelling through the Gulf in order to launch the Security Intelligence Report v5 with local data. During one of the discussions today, a question was raised which I was thinking about quite some while (but – honestly – do not have an answer yet): How do you manage the risks…
DetailsJust a short one: I think I had to feed that into the requirements list for our Exchange team:
Roger
