Roger Halbheer on Security
There is an interesting article on the value of the Malicious Software Removal Tool (MSRT – the tool we release monthly to clean PCs) and the fight against storm. It gives you some insight how our Malware Protection Center works and what they did against storm. A pretty interesting reading (even though I do not…
DetailsAs you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not talking about their shoes but what about the…
DetailsYou might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webimar on Best Practices for Microsoft PKI & Certificate Management.
If you are interested, you might register at the link above.
Roger
Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser
I am just not clear, how the browsing experience for my mom and dad would be…
Roger
There has been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has publised a post on it: Questions about Web Server Attacks
Roger
Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it is but you were unable to locate it? Well, do not get me wrong: Since I am used to the Ribbon, I love it – really. And my wife is all of a sudden able to…
DetailsIf there would be a price for the “Dumbest Thief of the Month”, this guy deserves #1: Texan tries to cash $360bn cheque
Roger
I just read this article called 8 Dirty Secrets Of The Security Industry, which seems pretty nasty. Let’s briefly have a look at them: Vendors do not need to be ahead of the hackers; they only need to be ahead of the buyer: Wow, this is a bad statement – but how true is it?…
DetailsI wrote on that already earlier. We make processes and tools available how we internally do Threat Modeling. To make it clear: this has nothing to do with the Security Development Lifecycle but much more with Microsoft’s own IT department. The reason for this post is that we just released version 2.1 of the Threat…
DetailsQuite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs. There is the VirtualLabs offering, containing MSDN and TechNet labs. The idea behind them is: It’s simple: no complex setup…
DetailsI just read an interesting chat with Joel Snyder from Opus One who did Interop testing on the different NAC solutions. I think he makes some statements which are worth to read (from my perspective anyway J): He also says that those who are anti-NAC simply don’t understand the technology. What we ended up with…
DetailsRecently I was sitting on a panel which was pretty heterogeneous: There was a representative from IBM (actually from former ISS), customers, a representative from the Open Source community (who actually, during his presentation always said how bad our security is) – well, and me. In order to have some fun, the moderator wanted to…
DetailsIf you would like to know a little bit more on botnets and how they actually look like, there is a researcher who actually draw a map of one: What a Botnet Looks Like
Roger
BSA just released today a new piracy study and there are some remarkable facts in there: The worldwide weighted average of piracy rate is 38% The median piracy rate in 2007 is 61% Think about the second point for a second: This means that in half of the countries they studied, the piracy rate is…
DetailsWow, this was impressive: A Swiss Developer posted on Saturday a blog that he found a bug which remained hidden for more than 25 years: When seekdir() Won’t Seek to the Right Position. BTW: It is in BSD, where the code is available to everyone and as I am told on most of the panels…
DetailsOver the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company has its…
DetailsI just read this article by Bruce Schneier on what to do about US Customs searches: Taking your laptop into the US? Be sure to hide all your data first So, if you look at part of his recommendations, they are: You’re going to have to hide your data. Set a portion of your hard…
DetailsWell, this is not what I am claiming to have…. This is what I am looking for. At the moment, I am monitoring/reading the following security-related blogs (sorted alphabetically): Microsoft BitLockerâ„¢ Drive Encryption Team Blog Chief Security Advisor Finland (in Finish) Chief Security Advisor Italy (in Italian) Chief Security Advisor Switzerland (in English) Chief Security…
DetailsShoaib just blogged on Hacking & Security Community – Ethical or Unethical?. To start with: I do not claim that I know all about ethics and that there is only one view on ethics but I have a clear view on certain things. I blogged on this theme several times already and made my points…
Details