• Accenture
  • Cybercrime
    • Crime
    • Terrorism
  • Fun
  • Government
    • Critical Infrastructure Protection
    • Law Enforcement
    • Legislation
  • Industry
    • Associations
    • Cloud Computing
    • Consumerization of IT
    • Events/Trainings
    • General
    • Incidents
    • Internet of Things
    • Open Source
    • Outsourcing
    • Piracy
    • Social Media
    • Technology
    • Trends
  • Intergovernmental Organizations
  • Microsoft
    • Cloud Computing
    • Consumer
    • Incidents
    • Partner
    • Processes
    • Products
    • Strategy
  • Privacy
  • Security
    • People
    • Policy
    • Process
    • Technology
Catagories
Roger Halbheer on SecurityRoger Halbheer on Security
Roger Halbheer on Security
Information Security Discussion

Roger Halbheer on Security

  • Home
  • Downloads
  • My Photo Gallery
  • Bio and Contact
  • Blogroll
    • Chief Security Advisor Microsoft Finland
    • Chief Security Advisor Microsoft Italy
    • Chief Security Advisor Microsoft Russia
    • Chief Security Advisor Microsoft South Africa
    • Chief Security Advisor Microsoft Switzerland
    • Chief Security Advisor GCR (Chinese)
    • Chief Security Advisor Germany
    • Gerhard Göschl (Microsoft Austria)
    • Microsoft’s Security Blog
    • Trustworthy Computing
    • Microsoft Switzerland Security Blog
    • Shoaib Yousuf
  • Tweetroll
    • Roger Halbheer
    • Henk van Roest
    • Microsoft Security Response
    • Microsoft Digital Crimes Unit
Menu back  
LinkedinRssTwitterXING
Find
Date Name
DescAsc

On-Premise vs. On-Demand (or SaaS) – A Quocirca Report

I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of “new, what you never heard before”-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some…

Details
June 3, 2008Leave a commentCloud Computing, Technology, TrendsBy Roger Halbheer

The Emancipation of Hackers

In the world of Chinese Hackers there seems to be a group especially for female hackers. I just read this post: Chinese Female Hacker Group which show a pretty high growth rate of women joining: The website for the China Girl Security Team was registered on 12 Mar 2007 and currently has 2,217 members. The…

Details
June 3, 2008Leave a commentCrime, CybercrimeBy Roger Halbheer

The “successful” attack on Cardspace

I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft’s Identity Metasystem CardSpace. Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will…

Details
June 2, 2008Leave a commentProcess, Products, Technology, TrendsBy Roger Halbheer

Microsoft Advisory for Safari Flaw

I posted yesterday on the Safari flaw (Why Apple has to fix the Safari flaw) as Apple did not acknowledge that this is a security vulnerability. Unfortunately we had now to release an advisory for this as we started to see that the bad guys could use this “feature” to attack machines – we are…

Details
May 31, 2008Leave a commentCrime, Incidents, TechnologyBy Roger Halbheer

New Guidance on the SQL Injection Attacks

We just published yesterday two new pieces of guidance for the latest SQL Injection attacks, which I want to make sure you saw it:

  • Preventing SQL Injections in ASP
  • SQL Injection Attack – which is a great piece of work pulling the different views of the latest attacks together

Roger

May 31, 2008Leave a commentIncidents, TechnologyBy Roger Halbheer

Why Apple has to fix the Safari flaw

Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to responsible disclosure of vulnerabilities: And then, what does the vendor do with it? Does the company act on it? Now, we can debate on what a vulnerability is and what not. Personally I am convinced that a…

Details
May 30, 2008Leave a commentIncidents, Process, SecurityBy Roger Halbheer

The latest SQL Injection Attacks

Well, there was quite some chatter over the last few weeks with regards to the massive defacements we saw based on SQL Injection Attacks. So, what was really new? Close to nothing. Well, this is not completely true. The new thing we have seen with these attacks is automation; however a lot of people did…

Details
May 30, 2008Leave a commentIncidents, Process, TechnologyBy Roger Halbheer

Researcher at Microsoft Research wins ACM award for Privacy Protection

I just read this article on Cryptography Expert Wins ACM Award for Advances in Protecting Privacy of Information Retrieval. This is really cool to see that research with do at Microsoft Research not “only” leads to advancements in our products but to public recognition as well. Well done Sergey!

Roger

May 26, 2008Leave a commentMicrosoftBy Roger Halbheer

How to Hack Windows Vista

No, no. For sure. I am not going to give you advise how to hack – but look at this video: . I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security, which contains Law #3: If a bad guy…

Details
May 26, 2008Leave a commentCybercrime, Incidents, Processes, ProductsBy Roger Halbheer

Two Important Whitepaper on Windows Server 2008

If you are planning to implement Windows Server 2008, there are two paper recently published that could help you with it:

  • Active Directory Certificate Services Upgrade and Migration Guide
  • Configuring and Troubleshooting Certification Authority Clustering in Windows Server 2008

Roger

May 26, 2008Leave a commentProcesses, ProductsBy Roger Halbheer

How to sell security

I just read this essay by Bruce Schneier: How to Sell Security. This is definitely a must-read in my opinion. Not that it really tells you how to sell it but it helps you to understand the “mechanics” about it.
Roger

May 26, 2008Leave a commentProcess, SecurityBy Roger Halbheer

SANS Commits $1 Million to Fight Cybercrime in Developing Countries

You know that I criticize SANS from time to time. Especially when it come to their handlers, I am convinced that they are creating the problem rather than solving it. This time I have to say that I am impressed as they are helping developing countries to help to fight Cybercrime. This is as “we…

Details
May 24, 2008Leave a commentCrime, Critical Infrastructure Protection, Cybercrime, Government, TerrorismBy Roger Halbheer

Is Security Research Ethical?

Shoaib’s blog actually pointed me to a pretty interesting article called Face-Off: Is vulnerability research ethical? – Security Experts Bruce Schneier & Marcus Ranum Offer Their Opposing Points of View. Not surprisingly Bruce says “yes” and Marcus says “no”. If you read through their points, you might even agree partly with each of them: Bruce…

Details
May 22, 2008Leave a commentIncidents, People, PolicyBy Roger Halbheer

Adding additional File Formats in Office 2007 SP2

We just announced that we will add support for additional file formats in Office System 2007 SP2. Just read more on Open XML, ODF, PDF, and XPS in Office

Roger

May 22, 2008Leave a commentProductsBy Roger Halbheer

Analysis of the Estonian Attacks

We all remember the cyber-attacks on Estonia last April. A lot of people are interested what really was going on during these attacks. You find a lot of sites looking into the technical analysis of the attack – which could be more or less speculation. What I found recently and just had time to read…

Details
May 21, 2008Leave a commentCrime, Critical Infrastructure Protection, Cybercrime, Government, TerrorismBy Roger Halbheer

Security Risks of VoIP

Internet Telephony Has Security Problems: This was an interesting read this morning for different reasons: First of all, it is not surprising (even if we would not have known the problems it would have to be expected). I liked the statement: The goal is to raise awareness about flaws in these systems – and create…

Details
May 20, 2008Leave a commentTechnology, TrendsBy Roger Halbheer

Building a faster Internet

Does not solve any of the security problems (challenges?) but it sounds promising anyway

Building A Faster Internet

Roger

May 20, 2008Leave a commentTechnology, TrendsBy Roger Halbheer

How long does it take to hack a Power Plant?

I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler telling the audience that they had the job to do…

Details
May 20, 2008Leave a commentCritical Infrastructure Protection, TerrorismBy Roger Halbheer

“The Security Business has no Future” (Quote by IBM)

This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless, if you read the corresponding article on darkReading, I…

Details
May 20, 2008Leave a commentTrendsBy Roger Halbheer

SDL and End to End Trust

Last week we published – as you hopefully know – our “End to End Trust” whitepaper. If not, please read my blog post on it J Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other way around). It might be interesting for…

Details
May 20, 2008Leave a commentMicrosoft, Process, ProcessesBy Roger Halbheer
1
23456789101112131415161718192021222324252627282930313233343536373839
…4041424344
Prev pageNext page
Tag Cloud
Calendar
May 2022
M T W T F S S
 1
2345678
9101112131415
16171819202122
23242526272829
3031  
« Aug    
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy
Copyright by Roger Halbheer Dream-Theme — truly premium WordPress themes