Roger Halbheer on Security
One of the questions I often get is my position on Cyber-Terrorism. I doubt that there will be “isolated†technology-related terrorism. What we see much more is the use of high-tech during classical terrorism attacks. If you look at the recent terrorism events in Mumbai, there was some pretty interesting background on it: In order…
DetailsYou will definitely have heard that we change our Anti-Malware Strategy: We recently announced that we will stop selling Windows Live OneCare and that we will launch a quality no-cost solution code-name “Morroâ€. There was quite some coverage on that but unfortunately part of the coverage was inaccurate or simply wrong. Let me give you…
DetailsJust a quick one: We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008. The certificates were posted on the CMVP website on November 25th. The Security Policy Document along with the certificates can be viewed at, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1054, and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1053
Roger
I blogged today about the worm outbreak. We are seeing an increasing number of critical support calls because of customers being infected by the worm attacking the vulnerability fixed in MS08-067. Let me be even clearer than before: The update is out now for a month and believe me: There is a reason why we…
DetailsAs we were pushing on our Out-of-Band release earlier this month we tried to make you understand that immediate deployment is needed as the vulnerability is high risk. Otherwise we would not have gone out of band… Interestingly enough, we have not seen widespread attacks since now. Earlier today now we released different pieces of…
DetailsAt the moment I am travelling through the Gulf in order to launch the Security Intelligence Report v5 with local data. During one of the discussions today, a question was raised which I was thinking about quite some while (but – honestly – do not have an answer yet): How do you manage the risks…
DetailsJust a short one: I think I had to feed that into the requirements list for our Exchange team:
Roger
We see this concept all over Europe: There are National Security Awareness Days (or how ever they are called) in a lot of European countries. During these events, the industry (from software to banking to government to …) gets together to raise awareness on the most important trends, criminals explore attacking their victims. This week…
DetailsIn my last post, I briefly touched on different features of Windows Vista, which I think are important with regards to the view on Windows XP vs. Windows Vista. Let’s take a different approach now: I recently was on a panel in Eastern Europe where I was asked, which model generates more secure software: The…
DetailsThe value of Windows Vista is often questioned. There are a lot of customers who still think that there might be nor reason to migrate to Windows Vista. I will publish two blog posts giving you some views on the security of our latest operating system. Most of the facts in here are widely known…
DetailsI am often asked by a lot of people what my view is on the social networks like Facebook and what I think about it. Well, the most important points first: I am using social networks myself as I like them to keep an eye on people I might lose otherwise. However, I am really…
DetailsI just want to tell you that I will retire. Yes, sure! I just won twice in a lottery. I just have to make sure that all the taxes and insurance policies are paid… You know them as well, don’t you? The mails you get to tell you that you won in a lottery (maybe…
DetailsIf is once again one of these posts with the start like “I am just sitting in a session…â€. Actually I had some time today to visit sessions and look into some things I have never seen. We often have discussions around the future of our products and what we in the field think should…
DetailsAs you are probably used from us, we are issuing our Security Intelligence Report twice an year. It is by far the most comprehensive report across the industry. This report helps us to understand the threat landscape and will help you to do the same as we believe that the more we share this knowledge…
DetailsI did this already last year and will do it again just now: I am sitting in the keynote of TechEd EMEA and just wanted to make sure you get all the security-related (and just cool) announcements of the keynote as “real-time†as possible. In addition I am trying to give you my view on…
DetailsAs we all know, next week the new President of the United States will be elected. Behind the scenes a lot of teams are preparing the transition from President Bush to the new president. It seems now that a commission is getting ready to advise on cybersecurity for the next president. We will see how…
DetailsIt will be interesting how you see it. When I blogged on Suspended Jail for Hacking Tutorial in France, I got quite some negative feedback like “do you have nothing better to do than to go after these guysâ€, “why should it be illegal to publish such a tutorial†etc. So, where do you draw…
DetailsI am often asked about the risks of outsourcing (we often talk about processes, legal risks (e.g. Data Protection), etc.) – the list is very long. Today I read an article which touches a completely different issue: It is all about the security processes and the turnover within the outsourcing company. The story is about…
DetailsIt is as so often, autumn is the time when all the big events are happening in EMEA. This week was RSA Europe (or I think still is) and next week I am looking forward to TechEd EMEA in Barcelona. So, I worked at RSA Europe on Monday and Tuesday on the two stories with…
DetailsYou might know Jeff Jones’ work on the different vulnerability reports comparing different products and vendors. Our goal is to understand and measure our progress and see where we stand with regards to the industry. Today, Jeff release his OS Desktop vulnerability report for H1 2008, which shows to me some interesting results. One is…
Details