Renting a Botnet on eBay
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included):
|39%3A1|66%3A2|65%3A12|240%3A1318&_trksid=p3286.c0.m14
Roger
Why I do not like e-Voting (Part 2)
As you might know, I blogged on e-Voting recently (Why I do not like e-Voting) and got quite some reactions. A few here but most of them privately. Most of you seem to like e-Voting. Now, think again! Look at this article here Evaluating the Security of Electronic Voting Systems. There is a video in…
DetailsThis is about processes: Google Chrome Vulnerable to Carpet Bombing
This is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place. There was quite some noise yesterday around Google Chrome. And a lot of noise about “safer browsing” and…
DetailsServers still not patched
I just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code. There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure…
DetailsWhy I do not like e-Voting
As you know, I am Swiss. Switzerland is known as being one of the most direct democracies in the world. It is not uncommon for us having (or being allowed) to vote every other month as there are a lot of ways to influence what our politicians and/or our government does. This makes the system…
Details„Scareware“ on the Raise
We have regular ConfCalls with our security support to exchange trends and issues we see. During the last one we had an interesting discussion I would like to share with you: We seem to get a hell lot of calls mainly from the consumer segment with Virus/Trojan/Spyware infections. The way they get the malware is…
DetailsIE8 – a new Set of Privacy Features
As you (hopefully) know, the release of Internet Explorer 8 is coming closer. One thing we always look at is how to make surfing more secure and more private. The IE team just launched a blog post on the InPrivate features of IE 8 which is definitely worth looking at: IE8 and Privacy
Roger
How to circumvent Privacy Laws
As you all know, most jurisdictions allow individuals to ask for data collected by an organization (being it a company or a governmental organization). A lot of countries have Data Protection Commissioners that look into what companies and more often governments do with regards to PII (Personal Identifiable Information). After 9/11 the United States forced…
DetailsYour PIN on the Internet
Yes, it is true: There is somebody who publically put known PINs on the Internet. I bet yours is there too: http://www.positiveatheism.org/crt/pin.htm
Roger
Secure Development: More than „just“ code!
I just read an interesting post by Michael Howard (Security is bigger than finding and fixing bugs). He refers to a statement Google seem to have made on its development practices (Google shares its security secrets): In order to keep its products safe, Google has adopted a philosophy of ‘security as a cultural value’. The…
DetailsInsights into Windows 7 Engineering
Are you interested to learn how Windows 7 (next version of Windows) is engineered? Are you willing to get in touch with the engineering team? Then read their blog: Engineering Windows 7
Roger
The Global Network of Crime
We all know that crime is global and that they are doing their best to leverage the legal shortcomings and the limitations of the cooperation between Law Enforcement agencies. There is a good article about one case in the New York Times which is definitely worth reading:
Global Trail of an Online Crime Ring
Roger
Announcement of the MSRC Ecosystem Strategy Team Blog
Our teams around the Microsoft Security Response Center recently launched a new blog called MSRC Ecosystem Strategy Team Blog. The blog is thought to give more insights into the work we do with the security ecosystem knowing that vulnerabilities and attacks today not “only” affect Microsoft products but very often the Internet as such –…
DetailsSecurity through Collaboration
If you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today’s threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Program. The program is designed to give security…
DetailsAnnouncing the Exploitability Index
At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability Index by October. Basically…
DetailsHow to react on the DNS attacks
Yes, I am back. I was on vacation and therefore did not take the time to blog.
Just briefly: IBM published a pretty good article on the latest DNS attacks. You can read it here: Responding to the DNS vulnerability and attacks
Roger
Microsoft sponsors Privacy Enhancing Technology Awards
It is not really news anymore as it broke during my vacation. However, it is important from my point of view: We are a proud sponsor (and not for the first time) of the Privacy Enhancing Technology Awards, which recognizes the work of researchers in the area of Privacy Enhancing Technologies. There was a press…
DetailsSome Thoughts on Today’s Bulletins
As always: It is the second Tuesday of the months and we released the Security Updates. However, this month is special from one perspective: We released an update for the DNS resolver, which is released simultaneously by a lot of DNS vendors with the same vulnerability. Here are some technical details about this vulnerability on…
DetailsLaunching Office Subscription
Yes, I know: It is US-only at the moment but it might nevertheless pretty interesting for you: We announced yesterday that we will launch a subscription-based Office version called Equipt. Here is an extract from the announcement: Initially code-named “Albany,” Microsoft Equipt offers consumers Microsoft Office Home and Student 2007, giving them the latest versions…
DetailsInternet Explorer 8 Beta 2: New Features
We announced yesterday some additional features in Internet Explorer 8, which will be part of Beta 2. They are way cool and will help to do some additional significant steps towards a more trustworthy browsing experience. Yesterday we mainly talked about two features: The XSS Filter, which helps to protect from cross-site scripting attacks SmartScreen®…
Details