Roger Halbheer on Security
This is pretty remarkable from my point of view: In 2005 our Forensic team together with our Investigators obtained the identification and arrest of M. Jean-Charles S. for the illegal distribution of a hacking tutorial against MSN Hotmail and MSN Messenger users. On June 12, 2008 the Tribunal Correctionnel (criminal court in France) sentenced this…
DetailsYou might have seen my recent blogpost on the botnet on eBay. They have seen it (we touched base with them as well)– now it’s gone:
Cool!!
Roger
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included):
|39%3A1|66%3A2|65%3A12|240%3A1318&_trksid=p3286.c0.m14
Roger
As you might know, I blogged on e-Voting recently (Why I do not like e-Voting) and got quite some reactions. A few here but most of them privately. Most of you seem to like e-Voting. Now, think again! Look at this article here Evaluating the Security of Electronic Voting Systems. There is a video in…
DetailsThis is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place. There was quite some noise yesterday around Google Chrome. And a lot of noise about “safer browsing” and…
DetailsI just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code. There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure…
DetailsAs you know, I am Swiss. Switzerland is known as being one of the most direct democracies in the world. It is not uncommon for us having (or being allowed) to vote every other month as there are a lot of ways to influence what our politicians and/or our government does. This makes the system…
DetailsWe have regular ConfCalls with our security support to exchange trends and issues we see. During the last one we had an interesting discussion I would like to share with you: We seem to get a hell lot of calls mainly from the consumer segment with Virus/Trojan/Spyware infections. The way they get the malware is…
DetailsAs you (hopefully) know, the release of Internet Explorer 8 is coming closer. One thing we always look at is how to make surfing more secure and more private. The IE team just launched a blog post on the InPrivate features of IE 8 which is definitely worth looking at: IE8 and Privacy
Roger
As you all know, most jurisdictions allow individuals to ask for data collected by an organization (being it a company or a governmental organization). A lot of countries have Data Protection Commissioners that look into what companies and more often governments do with regards to PII (Personal Identifiable Information). After 9/11 the United States forced…
DetailsYes, it is true: There is somebody who publically put known PINs on the Internet. I bet yours is there too: http://www.positiveatheism.org/crt/pin.htm
Roger
I just read an interesting post by Michael Howard (Security is bigger than finding and fixing bugs). He refers to a statement Google seem to have made on its development practices (Google shares its security secrets): In order to keep its products safe, Google has adopted a philosophy of ‘security as a cultural value’. The…
DetailsAre you interested to learn how Windows 7 (next version of Windows) is engineered? Are you willing to get in touch with the engineering team? Then read their blog: Engineering Windows 7
Roger
We all know that crime is global and that they are doing their best to leverage the legal shortcomings and the limitations of the cooperation between Law Enforcement agencies. There is a good article about one case in the New York Times which is definitely worth reading:
Global Trail of an Online Crime Ring
Roger
Our teams around the Microsoft Security Response Center recently launched a new blog called MSRC Ecosystem Strategy Team Blog. The blog is thought to give more insights into the work we do with the security ecosystem knowing that vulnerabilities and attacks today not “only” affect Microsoft products but very often the Internet as such –…
DetailsIf you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today’s threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Program. The program is designed to give security…
DetailsAt Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability Index by October. Basically…
DetailsYes, I am back. I was on vacation and therefore did not take the time to blog.
Just briefly: IBM published a pretty good article on the latest DNS attacks. You can read it here: Responding to the DNS vulnerability and attacks
Roger
It is not really news anymore as it broke during my vacation. However, it is important from my point of view: We are a proud sponsor (and not for the first time) of the Privacy Enhancing Technology Awards, which recognizes the work of researchers in the area of Privacy Enhancing Technologies. There was a press…
DetailsAs always: It is the second Tuesday of the months and we released the Security Updates. However, this month is special from one perspective: We released an update for the DNS resolver, which is released simultaneously by a lot of DNS vendors with the same vulnerability. Here are some technical details about this vulnerability on…
Details