Roger Halbheer on Security
I was recently caught in a tricky problem: The clock of one of my host servers ran out of sync.. – significantly. The core problem was that my Mediacenter (which is domain integrated) started to record about 6-8 minutes too late but this is not the reason why I post. The actual reason was that…
DetailsYou might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should consult our Security Research & Defense Blog, where we posted MS09-008: DNS and WINS Server…
DetailsRecently I decided to spend some time to implement some new technologies in my environment at home. The environment itself is a mixture between test and production. If you are reading this post on www.halbheer.info/security, you are already accessing this environment. So, I host my web server, mail server etc. there, all our private mails…
DetailsWell, it is actually not “on Cybercrime†but on “Cooperation against Cybercrime†Today and tomorrow this conference takes place at the Council of Europe in Strasburg. The Council of Europe developed a convention on cybercrime, which is actually very good and helps to harmonize legislation. Unfortunately the convention is not yet ratified in a lot…
DetailsI only believe the statistics I forged myself So, once more, there is a debate on which browser is the most secure, who fixed which vulnerabilities how fast. The Secunia Report 2008 was just published and it seems that this injects once more the fire about browser security. Out Jeff Jones just posted at CIO.com…
DetailsI like that: As you probably know, I did a tour through the Gulf when we launched the Security Intelligence Report last year. One of the reasons was that we know that the Gulf has a pretty high malware infection rate. You can read this in the corresponding blog post: Security Intelligence Report v5 Live!…
DetailsI recently had a chat with Tonny Bjorn after my recent blog post and he pointed me to a solution he is using to have users running as non-admin on Windows XP and still having the ability to elevate: He uses a freeware called Sudo for Windows and seems to be fairly happy with it.…
DetailsBefore I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of…
DetailsDuring Conficker we realized that a lot of customers are on unsupported OSs. I would like to draw your attention to a few things: There is a webpage called Microsoft Support Lifecycle where you find all the information on the lifecycle of our products. Let me just quote two things: Through the policy, Microsoft will…
DetailsI just want to make sure you have seen it: There were some reports in the last day or two about targeted attacks on Excel. We are aware of these reports and are looking into this. In order to give you our assessment of the situation, we published Microsoft Security Advisory (968272) From what we…
DetailsA few days ago, we released the Security Compliance Management Toolkit. I think that this toolkit might definitely help you to secure your environment and monitor it against a security baseline
Security Compliance Management Toolkit Series
Roger
This is an interesting paper from Microsoft Research. Now, before you read it: This is research and be no means a commitement to develop it for IE 9.
The Multi-Principal OS Construction of the Gazelle Web Browser
Roger
Jeff Jones just started a blog series to show the impact of our Security Development Lifecycle on the updates to be deployed. It is a pretty interesting read:
Here is the February version: Feb09 Security Bulletin SDL Benefit Summary
Roger
I guess you know Get Safe Online in the meantime. They are publishing a lot of good and insightful information. Now, they collaborate with the Office of Fair Trading in the UK for a Scam Awareness Month. Again, there is a log of excellent information on the web for you to look at: Get Safe…
DetailsNot directly security related: I am often asked about the interoperability between our products and third-party products. Additionally people claim that we do not allow others to use our technology – that we lock you in. Just now I read the following news: Google just announced Google Sync, which licenses our Active Sync technology. As…
DetailsYes, Conficker is far from being over. We still see a lot of infections. Therefore we decided to publish additional guidance for Conficker:
Microsoft Conficker guidance page for IT Professionals and those focused on security in the enterprise: http://technet.microsoft.com/en-us/security/dd452420.aspx
Microsoft Conficker guidance page for consumers and home users: http://www.microsoft.com/protect/computer/viruses/worms/conficker.mspx
Roger
Jon and Steven released another blog post on UAC and explained their decision how to change things: They start with the risk of blogging: When we started the “E7†blog we were both excited and also a bit uneasy. The excitement is obvious. The unease is because at some point we knew we would mess…
DetailsI have to come back to the UAC problem again. I just read a good article from Larry Seltzer on eWeek.com: Both Sides of the Win7 UAC Problem I think it is one of the first one I read, which takes the emotions out of the discussion and tries to understand the real problem. He…
DetailsNo, sorry but this is not a tutorial
I just read this blog post on Websense which is pretty interesting: The way to a zero-day
Roger
It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. Let’s…
Details