There have been a few recent incidents of what we previously thought was extremely rare — malware authors using code signing certificates that were issued to companies with good reputations. The high-profile Stuxnet incident included validly signed malware with misappropriated Authenticode certificates...

Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months... Yes, that's it? Or not? "Keeping a keylogger off your machine is about a trillion times more important than the strength...

Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such...

Security relevant? Not sure... Fun? Definitely! Can't await mine... ;-) But to still give it a security touch, let's put this under 'Consumerization of IT'. http://www.cnet.com/8301-17918_1-20015314-85.html?tag=mncol;1n -Urs

[PCMag] In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly...

Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet Information Services [IIS]. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta2 and is up for grabs via the Microsoft Download Center in two flavors, 32...

[PCWorld] You already know the basics of internet security, right? But when you've got the basics covered, but you still don't feel secure, what can you do? Here are a few advanced security tips to help you thwart some of today's most common attacks. http://www.pcworld.com/article/201309/security_secrets_the_bad_guys_dont_want_you_to_know...

Microsoft executive Bob Muglia said he was meeting with a chief information officer last year when the man grabbed him and said, "You don't get it. We never want another update from Microsoft again." The man was frustrated by the software updates a corporate customer has to install if it uses Microsoft...

As Microsoft announced in 2008, support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. Support for Windows 2000 will end on the same date. Customers running an unsupported version of Windows or Windows service pack will not be eligible for any Microsoft support options. Updates, including...

Microsoft this week published a best practices guide for writing applications to its Windows Azure cloud computing environment. http://download.microsoft.com/download/7/3/E/73E4EE93-559F-4D0F-A6FC-7FEC5F1542D1/SecurityBestPracticesWindowsAzureApps.docx "We wrote this paper because no matter how many...

MSRC blogs: We will use this account to augment the content here on the blog. For example, we will use the account to rapidly respond to emerging issues while we are gathering information for a more complete blog post. In addition, we will also use the account as a way to push content to our followers...

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently...

DarkReading: If your security strategy relies on end users to perform updates or avoid risky behavior, then it's time to ask yourself a question: How much do end users really know about security vulnerabilities? "Non-IT folks are often only aware of security vulnerabilities that are covered in mainstream...

Network World: Who's got the biggest cloud in the tech universe? Google? Pretty big, but no. Amazon? Lots and lots of servers, but not even close. Microsoft? They're just getting started. Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers...

Scott Hogg, Core Networking and Security: "I find it useful to seek out new perspectives on the ever-changing security realm. By reviewing these [security] reports, we can gain a greater understanding of the emerging Internet threats our organizations are facing." Includes links to various security...

Elevation of Privilege is the easy way to get started threat modeling. Threat modeling is a core component of the design phase in the Microsoft Security Development Lifecycle (SDL). The Elevation of Privilege (EoP) card game helps clarify the details of threat modeling and examines possible threats...

[NIST] With the dwindling number of IPv4 addresses, the Office of Management and Budget (OMB) mandated that U.S. federal agencies begin using the IPv6 protocol. This document provides guidelines for organizations to securely deploy IPv6. http://csrc.nist.gov/publications/drafts/800-119/draft-sp800...

Information security awareness and training is critical to any organization’s information security strategy and operations. People are in many cases the last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. Microsoft offers the security awareness...

Microsoft released a template for applying its Security Development Lifecycle (SDL) methodology to agile software development projects built with the Visual Studio development environment. http://www.infoworld.com/d/developer-world/microsoft-links-security-guidelines-agile-development-738 http://www...

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure — 86 percent of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real...

The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers...

Scammers are targeting social networks with phishing scams and relying more heavily on worms and Trojans to attack computers, according to security trend reports to be released Monday by Microsoft and McAfee. http://news.cnet.com/8301-27080_3-10387768-245.html The Microsoft Security Intelligence...

The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go, and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing...

EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code...

With shopping and banking transactions occurring primarily online today, password stealing has become a common cyber crime. Whatever the vector of attack, in many cases some sort of password-stealing malware makes its way onto victims’ computers. McAfee Research Report: http://www.mcafee.com/us/local_content...