Building a faster Internet
Does not solve any of the security problems (challenges?) but it sounds promising anyway
Building A Faster Internet
Roger
How long does it take to hack a Power Plant?
I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler telling the audience that they had the job to do…
Details“The Security Business has no Future†(Quote by IBM)
This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless, if you read the corresponding article on darkReading, I…
DetailsSDL and End to End Trust
Last week we published – as you hopefully know – our “End to End Trust” whitepaper. If not, please read my blog post on it J Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other way around). It might be interesting for…
DetailsThe ideal profile of a CSO
I was in Bratislava this week for an IDC Conference. During these kind of events I often talk to the press as well. Additionally I had this time the opportunity to talk to a pretty well-known blogger in Slovakia called Jozef VyskoÄ. You may have a look at his blog (provided your Slovakian is better…
Details0-Day-Patch – An new Metric for Security?
The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let’s be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the day of the public disclosure of a new vulnerability. We could discuss…
DetailsHacking Back?
Pretty often there is a discussion how far it is allowed to hack back. I was just reading an interesting post called Hackers Could Become The Hacked? which I wanted to share with you
Roger
Technology to Circumvent Censorship (Part 2)
Back in March I blogged on a Technology to Circumvent Censorship. I actually expected some dialogue on this but today somebody posted an interesting comment, I think is worth reading. Just click the link above and look at the second comment
Roger
Infosec: Security community must work together
Ed Gibson, our CSA in the UK had an interview during Infosec with VNunet. He made some interesting statements: We have a good set of laws in place and they have teeth. But the police have priorities and budgets set by the Home Office and Any one of you here would volunteer for neighborhood watch…
DetailsOur Malicious Software Removal Tool and Storm
There is an interesting article on the value of the Malicious Software Removal Tool (MSRT – the tool we release monthly to clean PCs) and the fight against storm. It gives you some insight how our Malware Protection Center works and what they did against storm. A pretty interesting reading (even though I do not…
DetailsSecurity Pros ignoring their own message
As you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not talking about their shoes but what about the…
DetailsBest Practices for Microsoft PKI & Certificate Management
You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webimar on Best Practices for Microsoft PKI & Certificate Management.
If you are interested, you might register at the link above.
Roger
Securing your Web Browser
Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser
I am just not clear, how the browsing experience for my mom and dad would be…
Roger
The recent IIS Attacks
There has been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has publised a post on it: Questions about Web Server Attacks
Roger
Public Testing for Office
Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it is but you were unable to locate it? Well, do not get me wrong: Since I am used to the Ribbon, I love it – really. And my wife is all of a sudden able to…
DetailsThe Dumbest Thief of the Month
If there would be a price for the “Dumbest Thief of the Month”, this guy deserves #1: Texan tries to cash $360bn cheque
Roger
8 Dirty Secrets Of The Security Industry
I just read this article called 8 Dirty Secrets Of The Security Industry, which seems pretty nasty. Let’s briefly have a look at them: Vendors do not need to be ahead of the hackers; they only need to be ahead of the buyer: Wow, this is a bad statement – but how true is it?…
DetailsHow Microsoft IT does Threat Analysis
I wrote on that already earlier. We make processes and tools available how we internally do Threat Modeling. To make it clear: this has nothing to do with the Security Development Lifecycle but much more with Microsoft’s own IT department. The reason for this post is that we just released version 2.1 of the Threat…
DetailsTesting our Security Technology
Quite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs. There is the VirtualLabs offering, containing MSDN and TechNet labs. The idea behind them is: It’s simple: no complex setup…
DetailsMicrosoft is winning the NAC war
I just read an interesting chat with Joel Snyder from Opus One who did Interop testing on the different NAC solutions. I think he makes some statements which are worth to read (from my perspective anyway J): He also says that those who are anti-NAC simply don’t understand the technology. What we ended up with…
Details