Jeff's InfoSec Blog

Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.

Related Posts
  • Blog Post: The Trustworthy Computing Security Development Lifecycle

    If you're wondering how Microsoft bakes security into its software development practices, this paper (by one of the co-authors of "Writing Secure Code") takes you through the process. This is far more than a guide for individual developers; it goes through the organization structure and processes necessary...
  • Blog Post: Automagically isolating Internet worms

    A paper from Microsoft Research (MSR), first published last summer, is getting new interest after MSR's internal TechFest last week. The idea is that hosts would analyze traffic hitting them and automatically broadcast alerts. While false negatives can mean that many hosts will not detect the worm, doing...
  • Blog Post: Hey, Mom finally gets security!

    Interesting -- According to a UK study, demographics are skewing for home users, with older people buying a larger percentage of home infosec products (AV, etc.) and younger people being the ones that naively assume they're OK. Without the data it's hard to analyze further. I hope that the shift is...
  • Blog Post: Is finding security holes a good idea?

    Some interesting papers came out of the third annual Workshop on Economics and Information Security. If you're an IEEE Computer Society member you can read the full text. Eric Rescorla's article, "Is Finding Security Holes a Good Idea?", provides a statistical analysis of a point I have long held: that...
  • Blog Post: Microsoft's Security Cooperation Program

    I love how news reporting can subtly (or not so subtly) slant interpretations while professing to still be reporting facts. CNet's reporting of the Microsoft Security Cooperation Program is a great example. When I heard about this program I thought it was great -- a mechanism for getting governments...
  • Blog Post: How do we fight spyware when no one can agree what it is?

    Ahh, the wonderful world of information security in the United States, where the threat of litigation can keep holes open and spyware active. eWeek has had a couple of articles this week on this topic. In The Chaotic World of Defining Spyware they discuss issues that CA has with companies that are fighting...
  • Blog Post: First open O/S, now open BIOS?

    Sorry, I just can't get behind this: Battle brews over unlocking PC secrets. The PC industry has suffered for not having trusted mechanisms for identifying computers and locking down digital rights. I read the article and I still don't see Stallman's point. Then I read his manifesto and I really don...
  • Blog Post: Former AOL employee pleads guilty in spam case

    Ouch -- 92 million screen names and email addresses stolen from AOL. The guy netted $28k, and will have to pay $200-400k in restitution. Not exactly a lucrative business, was it? Once again we see privacy compromised from the inside -- nothing that the individual account holder could have done would...
  • Blog Post: Vulnerability analysis using search tools

    Interesting article: Google Yourself to Identify Security Holes by Tony Bradley. His point is that security people should be using Google and the discussed tools as one facet of a vulnerability analysis program.
  • Blog Post: New! IPSec Guidance from Microsoft

    My team just released a new security guide: Server & Domain Isolation Using IPSec and Group Policy. This solution, aimed at enterprise IT Pros, is focused on how you can use IPSec and Group Policy to secure the data connections between systems. One of the key threats that this can mitigate is the...
  • Blog Post: 7 computer security tips for students

    My group didn't write this... that is, I don't think we did, although this may have come out of our Consumer team. But it is pretty good, basic advice for students that are heading off to school with their new laptops. School is in: 7 computer security tips for students