Security Minded - from Kai the Security Guy

Some thoughts on security (and other stuff) from a Microsoft security professional

Browse by Tags

Related Posts
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VII) - Moving Data Out of Your Organization

    Well, if you've been following along...we talked about who the insiders are and the metrics behind economic espionage. We've discussed why they do it and how they get the data. But I know this probably hasn't been very technical for most of you. Today that is going to change. Today we're going to talk...
  • Blog Post: The End to End Trust Vision: Microsoft's Framing of the Discussion and Call for Dialog Around Security

    You've been sitting around asking yourself, " Okay okay...I heard Bill Gates announce the whole 'trustworthy computing' concept back in 2002... What's next Microsoft? How do we solve the future security problems as an industry?" As you know, the Internet has transformed the way many of us live today...
  • Blog Post: Well, maybe I’ll get a great refund in in 2009

    Apparently the IRS just realized that they had about 1,800 unauthorized web servers attached to their corporate network !!! Now I’m glad to hear that their CIO is working to get them removed, but sounds to me this is a great opportunity for them to implement a domain isolation model using IPsec. Now...
  • Blog Post: Why Windows Vista is Better than Your O/S

    Today is a big day for Microsoft's Trustworthy Computing team! It's the release of the Windows Vista One Year Vulnerability Report composed by my good friend and teammate, Jeff Jones . First let me just put to rest any kind " of course it's favorable...it's written by Microsoft " kinda stuff that I know...
  • Blog Post: Where's Kai? RSA Conference 2008!!

    Well...if you're an IT Security Professional, you owe it to yourself to make the journey to the annual RSA Conference at least once in your life. It's the world's biggest security conference and many a great new announcement is made here. This year, it's my turn! They have some awesome speakers here...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part II)

    In this part, we get some good advice from the FBI on how to have that talk with your executives who like to travel out of the country and don’t really understand the risk that they assume when they carry that laptop, cell phone, or other electronic device with them. Good stuff!
  • Blog Post: Hyper-V Security Guide goes Beta

    Well, I told everyone last year on my Virtualization Security Tour that this thing was coming out soon! Well, we released a Beta of the document on our Beta site , which you should join if you haven’t already. One of my jobs is to help do technical review of documents/slides internally for our Security...
  • Blog Post: Not your Mama's Webcasts: Kai does the Defense in Depth Webcast Series

    Hopefully you were able to join me for a terrific two weeks of webcasts!! In 8 sessions we covered every layer of the security model known as "defense in depth". For those of you who missed out on the great fun we had, here's a way to go and check out the recordings. I did the best that I could to ensure...
  • Blog Post: TechNet Radio: Physical Security at Microsoft

    This is a pretty interesting podcast that I had the privilege to conduct a few weeks ago. I had the chance to go see Microsoft's Security Operations Center (SOC) and talk to Johnny Walker, CPP (Certified Protection Professional), the guy who leads the team that helps protect our physical assets. As you...
  • Blog Post: Book of the Month Club: Influence: Science and Practice, by Robert Cialdini

    I've been meaning to get back to the Book O' The Month club idea for awhile. My buddy Matt started the idea, and I'm glomming on, since I think it's a good one. Mitnick Recommended The book I just finished is entitled " Influence: Science and Practice " by Robert Cialdini. Before I dive into the why...
  • Blog Post: Rumors of my demise are greatly exaggerated...

    Well, I know it's been awhile....but I'm back. Several of you were kind enough to send me gentle reminders that I have been neglecting my blog, and were worried that I may indeed have dropped off the face of the Earth. Not so. Where Have You Been, Kai? In a nutshell......traveling like you would never...
  • Blog Post: Part Three of Four as We Chat About Physical Security

    UPDATE : I got your emails about there being a problem with this Silverlight video (thanks Doug!), so I re-rendered and have re-posted the video. Nothing stinks worse than having the movie go out in mid-series! OH YES! I actually had the privilege yesterday of getting an hour long Capabilities Tour of...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part IX) - Oldies, but Goodies

    Well....I received an absolutely unexpected and pleasure of an email from one of the excellent speakers over at the The Centre for Counterintelligence and Security Studies about my blog posts! I'm not sure they were reading or simply scanning for references to their website, but hey...I'm not picky!...
  • Blog Post: The Security Show: Episode 3 “Gates, Guards and Guns”

    More of my sitdown with Johnny Walker who helps run our Microsoft Global Security Operations Center. When we talk about physical security, as IT Pros, we’re typically talking about securing the datacenters and the boxes themselves. Johnny also has to consider things like Loss Prevention, Executive Protection...
  • Blog Post: Happy and Secure New Year!

    I have returned! As many of you are aware, I travel extensively for my job and I was literally on the road for almost 10 straight weeks the latter part of 2007. Los Angeles. New York. Buenos Aires (x2). London. Redmond. Mexico City. Washington D.C. Toronto. I was more than excited to get to my vacation...
  • Blog Post: Dripping Data: Understanding and Reducing Insider Threat (Part VIII) - Phone Home + The Power of the PMP!

    " Hey IT Guy , c heck out my cool phone! I can use it as a modem for my laptop! " Ever heard that from one of those end users? I'm sure you have. Sounds much better than " Check out my cool wireless bridge I've been using to exfil sensitive data out of our company! " No matter if you've got the latest...
  • Blog Post: Meet The Feds: Part 2

    We start off this episode with Agent Lynd explaining to us the danger of botnets and who these bot pimps are targeting. We see that some of these bad guys are using these “zombie networks” to commit extortion (or face the wrath of my botnet doing a DDoS against your business.) Good stuff. Allyn goes...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part I)

    I got it to work! I had some issues with the video playback in Silverlight after it came out of post-production in Sony Vegas. I really wish there was an easy way for Expressions Encoder to sort of “save your profile” so you wouldn’t have to go and tweak settings each and every time. Pretty much a hassle...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part III)

    I hope this is waking some folks up with regards to the huge issue that insider threat poses within your own company. We discuss some of the common characteristics that these people show and how we identify them. What are some of the triggers that make these folks turn against you? What are the warning...
  • Blog Post: Pimp my Ride...or Inbox: Check out Xobni

    Bill Gates referred to them as the “the next generation of social networking” and touted them as a great plugin for Microsoft Outlook. If you're into plugins and tweaks, this is a really sweet little deal. In case you're wondering where Xobni got their name....it's "inbox" spelled backwards! They got...
  • Blog Post: Back from vacation!

    Sorry for the long delay, but I’ve been on vacation and my wife is pretty adamant about me not checking email, posting blog entries, etc. I don’t think I need a break, but apparently I was wrong, so I took about 8 days of vacation. Of course, there are about a bunch of things I wanted to blog about in...
  • Blog Post: The Security Show: Episode Two – Stopping James Bond (Part IV)

    This is the last of Episode Two and I hope everyone has been enjoying this interesting session with the FBI. In this final session, we wrapup and get a few comments from the audience. Good stuff.   Next time, I’ll be posting Episode 3 titled “Gate, Guards, and Guns” where we’ll spend some time talking...
  • Blog Post: NEWS: ISA Server and Forefront TMG will be supported on hardware virtualization!

    Supported Virtualized Security Solutions? Yeah….We Got That! We’ve gotten many requests for this and today we’re announcing that ISA Server and Forefront Threat Management Gateway (TMG) will now be supported on hardware virtualization. This means that as long as a virtualization platform has been validated...
  • Blog Post: Big Bang Machine Hacked!

    Well, apparently no one planned any information security with the super collider. I love the quote from this guy who is obviously not a security guy “ We don’t know who they were but there seems to be no harm done. ” Right. No harm done. We’re sorta sure. Time to buy a tin-foil hat.
  • Blog Post: World of Warcraft players targeted for malware (and the new Blizzard MultiFactor Authentication Solution)

    There is a term that I hear quite often from my contacts in the law enforcement community, when it comes to cybercrime: “ Follow the money .” Well, apparently that term is also being used by the bad guys, and in this case it’s “ Follow the gold pieces .” All Your Epic Gear Is Belong to Us Okay….it’s...