Roger Halbheer on Security
I just want to tell you that I will retire. Yes, sure! I just won twice in a lottery. I just have to make sure that all the taxes and insurance policies are paid… You know them as well, don’t you? The mails you get to tell you that you won in a lottery (maybe…
DetailsIf is once again one of these posts with the start like “I am just sitting in a session…â€. Actually I had some time today to visit sessions and look into some things I have never seen. We often have discussions around the future of our products and what we in the field think should…
DetailsAs you are probably used from us, we are issuing our Security Intelligence Report twice an year. It is by far the most comprehensive report across the industry. This report helps us to understand the threat landscape and will help you to do the same as we believe that the more we share this knowledge…
DetailsI did this already last year and will do it again just now: I am sitting in the keynote of TechEd EMEA and just wanted to make sure you get all the security-related (and just cool) announcements of the keynote as “real-time†as possible. In addition I am trying to give you my view on…
DetailsAs we all know, next week the new President of the United States will be elected. Behind the scenes a lot of teams are preparing the transition from President Bush to the new president. It seems now that a commission is getting ready to advise on cybersecurity for the next president. We will see how…
DetailsIt will be interesting how you see it. When I blogged on Suspended Jail for Hacking Tutorial in France, I got quite some negative feedback like “do you have nothing better to do than to go after these guysâ€, “why should it be illegal to publish such a tutorial†etc. So, where do you draw…
DetailsI am often asked about the risks of outsourcing (we often talk about processes, legal risks (e.g. Data Protection), etc.) – the list is very long. Today I read an article which touches a completely different issue: It is all about the security processes and the turnover within the outsourcing company. The story is about…
DetailsIt is as so often, autumn is the time when all the big events are happening in EMEA. This week was RSA Europe (or I think still is) and next week I am looking forward to TechEd EMEA in Barcelona. So, I worked at RSA Europe on Monday and Tuesday on the two stories with…
DetailsYou might know Jeff Jones’ work on the different vulnerability reports comparing different products and vendors. Our goal is to understand and measure our progress and see where we stand with regards to the industry. Today, Jeff release his OS Desktop vulnerability report for H1 2008, which shows to me some interesting results. One is…
DetailsOur security team just published an excellent post with a lot more details on the vulnerability we patched. You should definitely read it: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx
Roger
This is just to inform you that we just released the announced out of band security update MS08-067. Please read the bulletin carefully and then apply the update as soon as possible
Roger
I guess you have seen this already but wanted to make sure that we are reaching you: We are planning to release an Out of Band Security Update today 10am Pacific Time (which is 18pm GMT). This update will affect all currently supported versions of Windows. Please read the official Advanced Notification in our MSRC…
DetailsI recently had the pleasure to be part of an article in World Finance called Stacked against hacks
Visit the virtual version here and go to page 60 and 61
Roger
I already blogged a few times on MSAT (the Microsoft Security Assessment Tool). We just released a new version for it, version 4. For those of you who do not know MSAT: MSAT is a free (stress: free) Risk Assessment Tool mainly targeted a Small and Medium Businesses to get a good understanding of their…
DetailsToday is the day! At Blackhat in August we announced two significant changes to our bulletin release process and today it is the first time this actually kicks in. Just to recapitulate: What did we change? We introduced the Microsoft Active Protections Program which is to me a major shift in policy. Up to now…
DetailsCool title, isn’t it? And you really read this post? Well then: We announced yesterday at PDC that we now will name the next version of Windows as we code named it: Windows 7!
So, you can read Mike Nash’s blog post about that:
Roger
As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide: Deploying IPsec Server and…
DetailsIt is still something, people love to blog about: User Account Control. It is one of the most discussed features in Windows Vista.
Now, our engineering team published a blog about the learnings and a few things about what we are going to do in Windows 7 based on the learnings:
http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
Roger
You probably know them: The 10 Immutable Laws of Security, we published I think around 2000 and they were often cited. They are: Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore Law #2: If a bad guy can alter the operating system…
DetailsIf you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide   Â
Roger
