Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

  • Some Password Policy Settings Are Not Enforced When Disconnected

    This is a post I was asked to do a while ago and have been procrastinating on. I apologize for that. For various reasons, every so often, certain FAQ items come up again. One of them is whether certain password policies are enforced when a system is not...
  • "Temporary" Administrators

    Several times in the past year someone has brought up an issue where they needed to "temporarily" grant someone administrative privilege to a system or a domain. Each time my answer has been the same: "why not just put them in the Administrators group...
  • A Father's Pride

    Every parent knows that the main reason you have kids is for the comic relief they provide. However, watching them grow up is also fascinating. Yesterday my oldest son, who is now seven and a half, and I were sitting in front of the TV when he asked...
  • A Book on Just Passwords

    Recently I was standing in a Geek bookstore in Sydney, trying to burn half an hour between meetings, when a book on passwords caught my eye. Naturally, given my somewhat odd interest in passwords, I picked it up to see if I had heard of it before. Given...
  • RFID tags on Credit Cards? Is this a good idea?

    Bruce Schneier has been a very vocal opponent of the move to put RFID tags, or at least ones without security, on passports. For instance, there is this blog post, and this article. Passports are, of course, interesting, particularly when you have to...
  • TechEd Presentations

    It appears I will be at TechEd in Boston this year after all. There are precious few sessions going around. Attendees have voiced a desire to hear more external speakers so the MS people are getting fewer sessions this year. Steve Riley (henceforth known...
  • Server and Domain Isolation Tech Center

    Maybe you are not quite as behind the times as I am, but I just found out that there is a new Server and Domain Isolation (yes, that is the correct word order) Tech Center at http://www.microsoft.com/sdisolation. Server and Domain Isolation is certainly...
  • Some organizations put too much emphasis on hardening guidance

    I have been working on hardening guidance for almost 10 years. The first few I worked on were essentially lists of settings that we thought you should turn on. Basically, if something sounded like it might have to do with security then it must be turned...
  • New Taped Presentations Available

    The Europeans have put up a couple more presentations from IT Forum 2005. There is a tape of my Is That Application Really Safe demos, as well as the Security Policy Management with SCW. They also put up Jason Zions' Unix/Linux Authentication with Active...
  • Power Users are Admins who have not made themselves admins yet

    It seems kind of odd that in 2006 I would still get these questions, but twice in the past week have I had to explain the truth about Power Users to someone. Typically they are organizations who are trying to limit the rights of their users, who right...
  • Security is a confidence building exercise

    Yesterday I was at a community event in Canberra, well, actually, it was in the middle of nowhere in New South Wales, but that's beside the point. One of the issues that came up there was how to sell security to senior management. Having struggled with...
  • Reading List

    Many people have asked me to put together a list of links to things to read that may help them become a security expert. I am not sure I can do that, but doing some reading is not a bad starting point. What you read out of this really...
  • Becoming a better presenter

    This week I went to Dr. Edward A. Tufte's course on presenting quantitative information. Being a professional (yes, I know some people argue about the professionalism part) presenter I found this to be a reasonable way to pick up a few nuggets that might...
  • Clearing the pagefile to wipe sensitive data

    The other day an old issue came up again: how do we mitigate the threat of sensitive data in page files. Page files are basically an on-disk repository of data that was in memory but not needed right at this moment. The system will page the data to disk...
  • More security theater, in the air

    Recently I was on yet another flight, trying to get some e-mail done. This time, however, I was answering e-mail offline on my SmartPhone. Of course, the phone was in flight mode so the radio was off. I wouldn't want to "interfere with the aircraft's navigation...
  • More on Using ISA to Block WMF Attacks

    Jim Harrison has created a very cool script to do much better blocking of the WMF exploit in ISA server. The script is nice because it sets up a policy that actually parses the request body and blocks WMF files that are renamed to something else by using...
  • Ready! Set! Go...patch your stuff!!!

    OK, you have probably seen it, but the official update for the WMF vulnerability was just posted! The bulletin is titled MS06-001. The updates are on Windows Update, as well as on the download center. Links to the Download Center updates are in the...
  • Conscientious Risk Management and WMF

    This past week there have been a lot of questions about the WMF vulnerability, what Microsoft is doing, and what the community should do to protect against it. For many reasons, Microsoft's response to the problem is best left to those who do this for...
  • Blocking certain extensions in ISA server

    For some reason I decided that today was a good day to figure out how to block certain file extensions from being accessible over the web. This could be very useful, for instance, if you are trying to prevent a particular exploit that utilizes a particular...
  • Weird ISA error, and apparent solution

    This morning when I tried to use FrontPage (don't even start) to edit one of my web sites, I was faced with this error: Error Code: 500 Internal Server Error. Internet Control Message Protocol (ICMP) network is unreachable. For more information about...
  • Getting OMA to work with SBS Premium and WM 5.0

    Being that I am on vacation, I just had to take a break from all the relaxing and get my new K-JAM/QTek 9100 to connect to OMA on my SBS server. These devices have not been out very long and run the latest version of Windows Mobile (nee, Windows CE),...
  • Biometrics

    Apart from the obvious issues with biometric authentication (like the fact that revoking them is quite onerous and the fact that they are actually detachable) I have never really been much of a fan of them for other reasons, like the issue that they always...
  • Good Enough Security

    At some point about six weeks ago I once again was hit with arguments that pointed to people considering security as black and white; you are either secure or you are not. Security is not now, nor has it ever been, a binary decision. There are a lot of...
  • Tools and other new stuff from the book now available

    When we wrote Protect Your Windows Network we put some tools on the CD. The tools are now posted on the website: http://www.protectyourwindowsnetwork.com. There is even a new version of the passgen tool available there. The new version supports setting...
  • Malware and administrative rights

    For about a year I have been telling a story to highlight how users running as administrators are much more likely to get malware installed on their systems than users who run as normal users. The story is actually in Protect Your Windows Network if you...