Why you should move to IPv6 – NOW!
Honestly, if you are not living in China it might not be that urgent but read yourself: China running out of IP addresses
Roger
Information Accountability
I just read a pretty interesting paper; you should have a look at. The interesting thing is – from my point of view – the paper is close to your End to End Trust paper we published in March. What I want to say with that is, that it seems that several forces in the…
DetailsSuspended Jail for Hacking Tutorial in France
This is pretty remarkable from my point of view: In 2005 our Forensic team together with our Investigators obtained the identification and arrest of M. Jean-Charles S. for the illegal distribution of a hacking tutorial against MSN Hotmail and MSN Messenger users. On June 12, 2008 the Tribunal Correctionnel (criminal court in France) sentenced this…
DetailsRent a Botnet on eBay (Part 2)
You might have seen my recent blogpost on the botnet on eBay. They have seen it (we touched base with them as well)– now it’s gone:
Cool!!
Roger
Renting a Botnet on eBay
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included):
|39%3A1|66%3A2|65%3A12|240%3A1318&_trksid=p3286.c0.m14
Roger
Why I do not like e-Voting (Part 2)
As you might know, I blogged on e-Voting recently (Why I do not like e-Voting) and got quite some reactions. A few here but most of them privately. Most of you seem to like e-Voting. Now, think again! Look at this article here Evaluating the Security of Electronic Voting Systems. There is a video in…
DetailsThis is about processes: Google Chrome Vulnerable to Carpet Bombing
This is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place. There was quite some noise yesterday around Google Chrome. And a lot of noise about “safer browsing” and…
DetailsServers still not patched
I just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code. There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure…
DetailsWhy I do not like e-Voting
As you know, I am Swiss. Switzerland is known as being one of the most direct democracies in the world. It is not uncommon for us having (or being allowed) to vote every other month as there are a lot of ways to influence what our politicians and/or our government does. This makes the system…
Details„Scareware“ on the Raise
We have regular ConfCalls with our security support to exchange trends and issues we see. During the last one we had an interesting discussion I would like to share with you: We seem to get a hell lot of calls mainly from the consumer segment with Virus/Trojan/Spyware infections. The way they get the malware is…
DetailsIE8 – a new Set of Privacy Features
As you (hopefully) know, the release of Internet Explorer 8 is coming closer. One thing we always look at is how to make surfing more secure and more private. The IE team just launched a blog post on the InPrivate features of IE 8 which is definitely worth looking at: IE8 and Privacy
Roger
How to circumvent Privacy Laws
As you all know, most jurisdictions allow individuals to ask for data collected by an organization (being it a company or a governmental organization). A lot of countries have Data Protection Commissioners that look into what companies and more often governments do with regards to PII (Personal Identifiable Information). After 9/11 the United States forced…
DetailsYour PIN on the Internet
Yes, it is true: There is somebody who publically put known PINs on the Internet. I bet yours is there too: http://www.positiveatheism.org/crt/pin.htm
Roger
Secure Development: More than „just“ code!
I just read an interesting post by Michael Howard (Security is bigger than finding and fixing bugs). He refers to a statement Google seem to have made on its development practices (Google shares its security secrets): In order to keep its products safe, Google has adopted a philosophy of ‘security as a cultural value’. The…
DetailsInsights into Windows 7 Engineering
Are you interested to learn how Windows 7 (next version of Windows) is engineered? Are you willing to get in touch with the engineering team? Then read their blog: Engineering Windows 7
Roger
The Global Network of Crime
We all know that crime is global and that they are doing their best to leverage the legal shortcomings and the limitations of the cooperation between Law Enforcement agencies. There is a good article about one case in the New York Times which is definitely worth reading:
Global Trail of an Online Crime Ring
Roger
Announcement of the MSRC Ecosystem Strategy Team Blog
Our teams around the Microsoft Security Response Center recently launched a new blog called MSRC Ecosystem Strategy Team Blog. The blog is thought to give more insights into the work we do with the security ecosystem knowing that vulnerabilities and attacks today not “only” affect Microsoft products but very often the Internet as such –…
DetailsSecurity through Collaboration
If you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today’s threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Program. The program is designed to give security…
DetailsAnnouncing the Exploitability Index
At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability Index by October. Basically…
DetailsHow to react on the DNS attacks
Yes, I am back. I was on vacation and therefore did not take the time to blog.
Just briefly: IBM published a pretty good article on the latest DNS attacks. You can read it here: Responding to the DNS vulnerability and attacks
Roger