I blogged today about the worm outbreak. We are seeing an increasing number of critical support calls because of customers being infected by the worm attacking the vulnerability fixed in MS08-067. Let me be even clearer than before: The update is out now for a month and believe me: There is a reason why we…Details
Just a quick one: We received the FIPS 140-2 certification for Bitlocker in Windows Vista SP1 and Windows Server 2008. The certificates were posted on the CMVP website on November 25th. The Security Policy Document along with the certificates can be viewed at, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1054, and http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2008.htm#1053
You will definitely have heard that we change our Anti-Malware Strategy: We recently announced that we will stop selling Windows Live OneCare and that we will launch a quality no-cost solution code-name â€œMorroâ€. There was quite some coverage on that but unfortunately part of the coverage was inaccurate or simply wrong. Let me give you…Details
One of the questions I often get is my position on Cyber-Terrorism. I doubt that there will be â€œisolatedâ€ technology-related terrorism. What we see much more is the use of high-tech during classical terrorism attacks. If you look at the recent terrorism events in Mumbai, there was some pretty interesting background on it: In order…Details
This is an interesting thing: I just read this post on ZDNet. The blamed us for being the key target for viruses and they always told me that they do not have a security problem. I am convinced that there is no software product having no security vulnerabilities and Apple proved over time that they…Details
Today I was having a discussion with a religious Mac fan claiming that the only problem with security on the Internet is Windows and then I read this article on ZDNet: Despite what blogs (and Apple) say, Macs will eventually have malware In there it is referenced that the article I was quoting yesterday seems…Details
I am more than pleased to inform you that we announced today a partnership between EMC/RSA and us. This partnership involves the integration of EMC/RSA technology into our platform. I quote from our press release: Microsoft will build the RSAÂ® Data Loss Prevention (DLP) classification technology into the Microsoft platform and future information protection products.…Details
Well, honestly, I am not completely clear how statistically relevant this data point is. I just read it in a secunia blog where they published figures of users of their free solution. This is data of the last few weeks and looks into the results of the first scan of the product on a PCs.…Details
Well, you saw my post earlier this week on the 1.96% of PCs being updated according to Secuina. Well, as time does, I decided to install this tool as well to look at it. I did an initial scan on my home PC and this was the outcome: Outch, this hurts my soul but shows…Details
I am working on a blog post on Security and Piracy looking into the data I have available. Probably it will be ready next week but what I wanted to know: Is there anybody who did some research about this already? I would appreciate if you could let me know. I will definitely share my…Details
There are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft’s latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker botnet makes us wonder Worm Spawns Huge New Botnet â€¦ I…Details
IÂ wanted to make you aware of a very important announcement we made earlier today. As you know, Trustworthy Computing is all about Security,Â Reliability and Business Practices. Our house has a fourth pillar -Â Privacy – which we view as extremelyÂ important, not only in terms of the way we manage our customersâ€™ data,…Details
I recently had the great opportunity to join the Europol High Tech Crime Experts Meeting 2008 in Den Haag. This is mainly a get together of the High Tech Crime leads of the EU Law Enforcement agencies and countries where they have a close relationship with (e.g. Switzerland, Norway, Canada etc). Additionally there are a…Details
On January 28th the European Union is holding the Data Protection Day. To prepare for that, they are holding a competition for young people from 15 to 19 to express their views about online privacy. Here is the teaser:
Surf the net â€“ Think privacy!
So, please spread the word!
You know that I rarely blog on Advisories we publish unless they are heavily critical. I just want to make sure that you have seen this. MSRC (the Microsoft Security Response Center) constantly updates this advisory with workarounds. Please take this very, very serious: Microsoft Security Advisory (961051) Details on updates by MSRC Details from…Details
I know that this is not particularly news but nevertheless it could well be that the non-developers out there have not yet seen this. During TechEd EMEA for Developers we announced several things around SDL and had some speeches. Some of them are public including interviews with people like Michael Howard: Video on the Announcements…Details
Just as a short notice: We just started to communicate that we will release a security update for the Internet Explorer vulnerability. At the moment, the update is schedule to be released approx 10:00 am PST (19:00 CET) tomorrow. Have a look at the Advanced Notification which you can find here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx Please start immediately…Details
Go out there and install the update immediately now. Here is the bulletin: MS08-078 – Security Update for Internet Explorer (960714)
If you think that you could be infected, run a scan with the online Windows Life OneCare Safety scanner which finds the malware based on this exploit as far as we know it.