TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support options
For small and midsize businesses
For enterprises
For developers
For IT professionals
From partners
For technical support
Support offerings
For home users
More support
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Jeff's InfoSec Blog
Thoughts about information security, privacy, and regulatory compliance. Brought to you by Jeff Newfeld, the product unit manager for security solutions in Microsoft's Core Infrastructure Solutions group.
Tags
Information Security
Privacy
Regulatory Compliance
Browse by Tags
TechNet Blogs
»
Jeff's InfoSec Blog
»
All Tags
»
information security
Related Posts
Blog Post:
The Trustworthy Computing Security Development Lifecycle
TechNet Archive
If you're wondering how Microsoft bakes security into its software development practices, this paper (by one of the co-authors of "Writing Secure Code") takes you through the process. This is far more than a guide for individual developers; it goes through the organization stucture and processes necessary...
on
28 Mar 2005
Blog Post:
Automagically isolating Internet worms
TechNet Archive
A paper from Microsoft Research (MSR), first published last summer, is getting new interest after MSR's internal TechFest last week. The idea is that hosts would analyze traffic hitting them and automatically broadcast alerts. While false negatives can mean that many hosts will not detect the worm, doing...
on
7 Mar 2005
Blog Post:
Hey, Mom finally gets security!
TechNet Archive
Interesting -- According to a UK study, demograpghics are skewing for home users, with older people buying a larger percentage of home infosec products (AV, etc.) and younger people being the ones that naively assume they're OK. Without the data it's hard to analyze further. I hope that the shift is...
on
8 Feb 2005
Blog Post:
Is finding security holes a good idea?
TechNet Archive
Some interesting papers came out of the third annual Workshop on Economics and Information Security. If you're an IEE Computer Society member you can read the full text. Eric Rescorla's article, "Is Finding Security Holes a Good Idea?", provides a statistical analysis of a point I have long held: that...
on
16 Feb 2005
Blog Post:
Microsoft's Security Cooperation Program
TechNet Archive
I love how news reporting can subtly (or not so subtly) slant interpretations while professing to still be reporting facts. CNet's reporting of the Microsoft Security Cooperation Program is a great example. When I heard about this program I thought it was great -- a mechanism for getting governments...
on
2 Feb 2005
Blog Post:
How do we fight spyware when no one can agree what it is?
TechNet Archive
Ahh, the wonderful world of information security in the United States, where the threat of litigation can keep holes open and spyware active. eWeek has had a couple of articles this week on this topic. In The Chaotic World of Defining Spyware they discuss issues that CA has with companies that are fighting...
on
4 Apr 2005
Blog Post:
First open O/S, now open BIOS?
TechNet Archive
Sorry, I just can't get behind this: Battle brews over unlocking PC secrets . The PC industry has suffered for not having trusted mechanisms for identifying computers and locking down digital rights. I read the article and I still don't see Stallman's point. Then I read his manifesto and I really don...
on
7 Apr 2005
Blog Post:
Former AOL employee pleads guilty in spam case
TechNet Archive
Ouch -- 92 million screen names and email addresses stolen from AOL. The guy netted $28k, and will have to pay $200-400k in restitution. Not exactly a lucrative business, was it? Once again we see privacy compromised from the inside -- nothing that the individual account holder could have done would...
on
7 Feb 2005
Blog Post:
Vulnerability analysis using search tools
TechNet Archive
Interesting article: Google Yourself to Identify Security Holes by Tony Bradley. His point is that security people should be using Google and the discussed tools as one facet of a vulnerability analysis program.
on
7 Apr 2005
Blog Post:
New! IPSec Guidance from Microsoft
TechNet Archive
My team just released a new security guide: Server & Domain Isolation Using IPSec and Group Policy . This soluton, aimed at enterprise IT Pros, is focused on how you can use IPSec and Group Policy to secure the data connections between systems. One of the key threats that this can mitigate is the...
on
28 Mar 2005
Blog Post:
7 computer security tips for students
TechNet Archive
My group didn't write this... that is, I don't think we did, although this may have come out of our Consumer team. But it is pretty good, basic advice for students that are heading off to school with their new laptops. School is in: 7 computer security tips for students
on
30 Mar 2005