Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

Jesper's Blog

  • Last Post

    Today was my last "normal" day at Microsoft. (That's with a grain of salt - an exceptional company has few normal days). Tomorrow I just have the exit interview early and then I will be unemployed for a few days. I wonder when I am officially not an employee...
  • Yet another change of plan - TechEd Japan

    Today the plans for what I am doing before I leave changed, again, but not as drastically as last time. It turns out that I am going to TechEd Japan after all. I will be delivering the "Is That App Really Safe" and "Baking Security Into The Development...
  • I Got A New Blog!

    Some of Microsoft's amazing Most Valuable Professionals (MVP) made me a blog on a new site they call msinfluentials.com . I can't thank Susan , Nick , Vlad , Chad , and Wayne enough. You guys are truly special and exemplify all the best things about the...
  • Yes, it is unfortunately true

    I have unfortunately been prevented from speaking at TechEd in New Zealand, Australia, and Japan; the final events I was planning to speak at before I leave Microsoft on September 1. I cannot express how terrible I feel about this. The hope was that these...
  • Intel Centrino Driver Vulnerability

    Last week a new security problem was announced in the Intel Centrino wireless drivers. It appears to affect the 2200BG and 2915ABG wireless hardware. These are extremely common components that are shipped in many laptops. You would do well to check whether...
  • Free Windows Software

    Blake Handler sent me a link to his blog post about free Windows software a couple of days ago. It is a very cool list that shows a lot of free things published by Microsoft. Check it out at: http://bhandler.spaces.live.com/blog/cns!70F64BC910C9F7F3!1231...
  • All good things must come to an end

    This is an excerpt from a mail I sent out internally today: The sands of time seem finally to have run their course. On September 1 I will not only celebrate the 5-year anniversary of my time here at Microsoft but also my departure from the company...
  • How LMCompatibilityLevel really works

    A while ago I once again got frustrated by LMCompatibilityLevel and the amount of confusion that is out there about it. There was also an intriguing thing in the SAMBA documentation that they (incorrectly) called "NTLM2 Session Response" that needed figured...
  • Required Attributes of Security Solutions

    I've been trying to come up with a list of attributes that a security solution needs to have to be complete and sufficient. The idea is to develop a set of attributes that can be used when analyzing security to see if it fulfills the needs of the situation...
  • Microsoft Purchases Winternals

    In a very interesting twist Microsoft today announced the acquisition of Winternals and Sysinternals . This is really interesting news and I am glad to see Mark Russinovich and Bryce Cogswell getting to have more of an impact on the Windows product.
  • How many vulnerabilities are there really?

    Just in case your are of the vulnerability counting type, you may be interested in an analysis posted by my friend Jeff Jones in his blog. Jeff has done some pretty amazingly detailed analysis of the number of vulnerabilities in each of several products...
  • Resources from U.S. Security Summits

    Many of the attendees from the recently concluded Security Summit series in the U.S. have been asking for the slides. Since we will be doing web casts of the presentations we are not making the slides availble. What many people want though are simply...
  • Please don't disable security features, at least while we are testing them

    I couldn't tell you how many times I have either had the question "how do I turn off User Account Control" or heard the statement "boy, I sure hate all those annoying user account control popups in Vista." Yeah, security sucks, it gets in the way of...
  • Are You A People Person?

    As my family keeps reminding me, I'm not much of a people person. It could just be that I am projecting myself onto others, but I am pretty sure that much of the IT industry is like me, which raises a number of serious security problems. If you are interested...
  • Structuring Infosec Organizationally

    Last week I visited a customer and was greeted by two people who introduced themselves, respectively, as the "Chief Information Security Officer" and the "Chief IT Security Officer." Yes, they had two separate functions for this, one to secure information...
  • Free Security Support Number For Your Region

    At an event in Germany today the issue came up how to access the free security support in your region. For a couple of years now Microsoft has offered no-charge support for security issues. However, the number is different in different regions. To find...
  • What is a "zero-day"?

    Once again, it seems misguided reporters have appropriated a technical term and are misusing it in ways to confuse the field. "Hacker" was not the first term they ruined, but it is still the one that irks me the most. The primary definition of "Hacker...
  • I Really Do Not Hate Hardening Guides

    Unfortunately, it seems that people are getting the impression that I hate hardening guides. A few people told me that after I delivered the "Security Myths" presentation at Microsoft's Federal Security Summit West last week. It is really not the case...
  • Going Wild With Administrative Accounts

    Today I got a question that reminded me that I have not written a whole lot about how to manage the accounts used by system administrators. The question was whether I could think of any reasons why you would share an administrative account between several...
  • Are we too simplistic in how we think about risk?

    Yesterday I had a fascinating meeting where we discussed a number of theoretical concepts, including how we think about risk. Risk, of course, should be the driver in everything we do in information security, and risk management should be the discipline...
  • Why your comments no longer automatically show

    Just a quick note to let you know why your comments to my blog no longer show up automatically. It turns out that someone decided my blog was a good place to post ads for online pharmacies, gambling, and all that other stuff that we apparently do not...
  • More Security Myths

    About a year ago Steve Riley and I built a presentation based on a set of security myths we put into the book . It was one of the most popular presentations we have ever made, and we kept coming up with more myths every time we delivered it, or talked...
  • Upcoming engagements

    The schedule for Spring 2006 is in full swing. Just in case anyone is interested in meeting up with me somewhere in the world (or has some new gig they think I should go to) I thought it makes sense to post my schedule here. February 6 and 7 - Albuquerque...
  • Windows Firewall: the best new security feature in Vista?

    It is interesting how some of the best security features in Windows receive either no attention, or get criticized for the strangest reasons. Case in point: Windows Firewall is one of the best firewalls out there, and yet much of the talk about it are...
  • Why Phishing Will Remain Lucrative For The Foreseeable Future

    Today I received a message that purports to be from Discover regarding a 5% cashback program on gas purchases on that card. (For the non-American readers, Discover is a credit card widely used in the U.S.). The e-mail had a couple of links to click, both...