Roger Halbheer on Security
You probably know them: The 10 Immutable Laws of Security, we published I think around 2000 and they were often cited. They are: Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore Law #2: If a bad guy can alter the operating system…
DetailsIf you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide   Â
Roger
It happens pretty often but this time it seems to be wider spread then normal as our traffic with regards to this issue is higher than usual: There is a mail circulating pretending that it is coming from Steve Lipner here at Microsoft telling you to install the attached update (see the mail below). Just…
DetailsFollowing the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different players as well as across country…
DetailsSAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft). As you probably know, SAFECode is a Forum to share good practices around development of secure software. It is about learning from each other but…
DetailsThis is completely new but end of September we published the version 3 of the documentation on the Common Criteria certification for Windows XP SP2 and Windows Server 2003 R2 SP2. Read this in Tim Myer’s Blog: Version 3.0 of Windows XP and Windows Server 2003 Guidance Documentation Released
Roger
It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security
Roger
This is really clever (sounds like Hollywood but it seems to be real): In a move that could be right out of a Hollywood movie, a brazen crook apparently used a Craigslist ad to hire a dozen unsuspecting decoys to help him make his getaway following a robbery outside a bank on Tuesday. He then…
DetailsAs usual (and probably as most of you) I started today scanning through my mails and RSS feeds for important and urgent information. By doing that, I stumbled across an article called Hackers and Nigeria vulnerability to cyber terrorism and I started to read it. As you know, I blogged several times already on the…
DetailsHonestly, if you are not living in China it might not be that urgent but read yourself: China running out of IP addresses
Roger
I just read a pretty interesting paper; you should have a look at. The interesting thing is – from my point of view – the paper is close to your End to End Trust paper we published in March. What I want to say with that is, that it seems that several forces in the…
DetailsThis is pretty remarkable from my point of view: In 2005 our Forensic team together with our Investigators obtained the identification and arrest of M. Jean-Charles S. for the illegal distribution of a hacking tutorial against MSN Hotmail and MSN Messenger users. On June 12, 2008 the Tribunal Correctionnel (criminal court in France) sentenced this…
DetailsYou might have seen my recent blogpost on the botnet on eBay. They have seen it (we touched base with them as well)– now it’s gone:
Cool!!
Roger
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included):
|39%3A1|66%3A2|65%3A12|240%3A1318&_trksid=p3286.c0.m14
Roger
As you might know, I blogged on e-Voting recently (Why I do not like e-Voting) and got quite some reactions. A few here but most of them privately. Most of you seem to like e-Voting. Now, think again! Look at this article here Evaluating the Security of Electronic Voting Systems. There is a video in…
DetailsThis is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place. There was quite some noise yesterday around Google Chrome. And a lot of noise about “safer browsing” and…
DetailsI just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code. There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure…
DetailsAs you know, I am Swiss. Switzerland is known as being one of the most direct democracies in the world. It is not uncommon for us having (or being allowed) to vote every other month as there are a lot of ways to influence what our politicians and/or our government does. This makes the system…
DetailsWe have regular ConfCalls with our security support to exchange trends and issues we see. During the last one we had an interesting discussion I would like to share with you: We seem to get a hell lot of calls mainly from the consumer segment with Virus/Trojan/Spyware infections. The way they get the malware is…
DetailsAs you (hopefully) know, the release of Internet Explorer 8 is coming closer. One thing we always look at is how to make surfing more secure and more private. The IE team just launched a blog post on the InPrivate features of IE 8 which is definitely worth looking at: IE8 and Privacy
Roger
