Roger Halbheer on Security
I guess you have seen this already but wanted to make sure that we are reaching you: We are planning to release an Out of Band Security Update today 10am Pacific Time (which is 18pm GMT). This update will affect all currently supported versions of Windows. Please read the official Advanced Notification in our MSRC…
DetailsI recently had the pleasure to be part of an article in World Finance called Stacked against hacks
Visit the virtual version here and go to page 60 and 61
Roger
I already blogged a few times on MSAT (the Microsoft Security Assessment Tool). We just released a new version for it, version 4. For those of you who do not know MSAT: MSAT is a free (stress: free) Risk Assessment Tool mainly targeted a Small and Medium Businesses to get a good understanding of their…
DetailsToday is the day! At Blackhat in August we announced two significant changes to our bulletin release process and today it is the first time this actually kicks in. Just to recapitulate: What did we change? We introduced the Microsoft Active Protections Program which is to me a major shift in policy. Up to now…
DetailsCool title, isn’t it? And you really read this post? Well then: We announced yesterday at PDC that we now will name the next version of Windows as we code named it: Windows 7!
So, you can read Mike Nash’s blog post about that:
Roger
As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide: Deploying IPsec Server and…
DetailsIt is still something, people love to blog about: User Account Control. It is one of the most discussed features in Windows Vista.
Now, our engineering team published a blog about the learnings and a few things about what we are going to do in Windows 7 based on the learnings:
http://blogs.msdn.com/e7/archive/2008/10/08/user-account-control.aspx
Roger
You probably know them: The 10 Immutable Laws of Security, we published I think around 2000 and they were often cited. They are: Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore Law #2: If a bad guy can alter the operating system…
DetailsIf you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide   Â
Roger
It happens pretty often but this time it seems to be wider spread then normal as our traffic with regards to this issue is higher than usual: There is a mail circulating pretending that it is coming from Steve Lipner here at Microsoft telling you to install the attached update (see the mail below). Just…
DetailsFollowing the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different players as well as across country…
DetailsSAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft). As you probably know, SAFECode is a Forum to share good practices around development of secure software. It is about learning from each other but…
DetailsThis is completely new but end of September we published the version 3 of the documentation on the Common Criteria certification for Windows XP SP2 and Windows Server 2003 R2 SP2. Read this in Tim Myer’s Blog: Version 3.0 of Windows XP and Windows Server 2003 Guidance Documentation Released
Roger
It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security
Roger
This is really clever (sounds like Hollywood but it seems to be real): In a move that could be right out of a Hollywood movie, a brazen crook apparently used a Craigslist ad to hire a dozen unsuspecting decoys to help him make his getaway following a robbery outside a bank on Tuesday. He then…
DetailsAs usual (and probably as most of you) I started today scanning through my mails and RSS feeds for important and urgent information. By doing that, I stumbled across an article called Hackers and Nigeria vulnerability to cyber terrorism and I started to read it. As you know, I blogged several times already on the…
DetailsHonestly, if you are not living in China it might not be that urgent but read yourself: China running out of IP addresses
Roger
I just read a pretty interesting paper; you should have a look at. The interesting thing is – from my point of view – the paper is close to your End to End Trust paper we published in March. What I want to say with that is, that it seems that several forces in the…
DetailsThis is pretty remarkable from my point of view: In 2005 our Forensic team together with our Investigators obtained the identification and arrest of M. Jean-Charles S. for the illegal distribution of a hacking tutorial against MSN Hotmail and MSN Messenger users. On June 12, 2008 the Tribunal Correctionnel (criminal court in France) sentenced this…
DetailsYou might have seen my recent blogpost on the botnet on eBay. They have seen it (we touched base with them as well)– now it’s gone:
Cool!!
Roger
