Roger Halbheer on Security
Michael Howard, one of our gurus, when it comes to secure code development, wrote a dialogue on SDL and Threat Modeling called A Conversation About Threat Modeling – this is definitely a must read, even if you are not a developer
Roger
This is impressive to me: I was looking at the website of the Centers for Disease Control and Prevention and the way they use the Internet and social media to communicate about the Swine Flu. They use all the latest media like Widgets, websites for mobile browsers, buttons to add to your website, online videos,…
DetailsThis is not about piracy and not about leaks and not about… I am waiting for the new RC build as you are. I am running an intermediate build between Beta and RC and would love to upgrade all my machines (including my MediaCenter) to RC. However, I refrain from downloading it from any of…
DetailsJust a quick one. We released SP2 for Office 2007. You can download it here.
Roger
Scott held a keynote during RSA this week. Here you find the webcast (it is about 30 minutes) – definitely worth looking at:
Roger
I guess you have read it in the meantime: There are a lot of reports out there, that Finjan found a Botnet affecting 1.9 Million computers. This is really bad – obviously. The press now started to cover this and I think we are already losing a little bit of focus in the discussion. I…
DetailsJust a brief one: I wrote an article for Infosecurity which was just published in the latest version covering the economic downturn as well. It is called Time to Step Up and can be found on page 45 of the latest edition.
Roger
This is a question I often get asked: What is the impact of the economic downturn on security? I am convinced that three things will happen: Cybercrime will grow Security budgets will shrink – it is just open whether the budgets will shrink at the same pace as IT budgets or faster but I am…
DetailsYou know that I am a big fan of what we are going to deliver with our Forefront Suite in the next version code-named Stirling. You probably heard me talking about compliance (where, from a technical perspective Forefront can play an integral part) and what I call the best of need integrated platform – where…
DetailsOver the last few day we have seen a lot of coverage about new Conficker variants. Let me give you a very brief update. But before I start, let me make sure that we are clear on one thing. In the area of security, we often see coverage about somebody who heard something from the…
DetailsYou know that we release our Security Intelligence Report twice an year: Today Version 6 is due. Let me try to give you an overview of the “highlights†of the report from my point of view: As I wrote in the title and as I blogged about this summer („Scareware“ on the Raise) one if…
DetailsI basically like the blogosphere. It is a way to express an opinion without having to worry (too much) about censorship. The disadvantage is that there are people who present things as “factsâ€, which are simply wrong. This happened Thursday on ZDNet. I stumbled across an article called It’s time for Microsoft to supply ALL…
DetailsI just found this pretty clever website which bases its statement with regards to your possible Conficker infection on the information whether you are able to access certain websites:
http://www.joestewart.org/cfeyechart.html
Pretty clever
Roger
Since quite a while, when I am talking to government officials (and the private sector) I am asking for new ways of collaboration between Law Enforcement and the industry in order to fight cybercrime. We are already seeing big progress when it comes to training where the different bodies came closer together. However, there is…
DetailsWill the Internet world end on April 1st? This is at least the impression I got from reading the press in the last couple of days. It seems that some story spun off and started to develop a life of its own. What is really going to happen on April 1st? I quote the blog…
DetailsI pretty often have discussions about Patch Management with our customers. I think it is a very important discussion as I see too many customers not patching at all. However, taking the shining examples – they often look at the Microsoft product suite “onlyâ€. You might remember that I blogged about my experience with this…
DetailsI would love to know… You probably saw a lot of blog posts recently about “Conficker to strike back on April 1st†or similar. If you are interested in what is know about Conficker and April 1st, read our encyclopedia entry on Conficker.D and you should choose the “Analysis†tab there, which gives you the…
DetailsI was recently caught in a tricky problem: The clock of one of my host servers ran out of sync.. – significantly. The core problem was that my Mediacenter (which is domain integrated) started to record about 6-8 minutes too late but this is not the reason why I post. The actual reason was that…
DetailsYou might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should consult our Security Research & Defense Blog, where we posted MS09-008: DNS and WINS Server…
Details