Microsoft Switzerland Security Blog

Security informations brought to you by the Swiss Security Team.

Browse by Tags

Related Posts
  • Blog Post: Visual Studio 2008 and .NET Framework 3.5 released to manufacturing (RTM)

    November 19 – Visual Studio 2008 and .NET Framework 3.5 RTM (Developer, Connected Systems Division) Microsoft made its flagship development tool, Visual Studio 2008, available for download to its developer subscribers. The release also includes technology called Language Integrated Query (LINQ) which...
  • Blog Post: Internet Explorer 8 (beta2) released

    Last week Microsoft released IE8 Beta2, the faster, easier and safer successor of the existing Internet Explorer. As there are a lot of changes (new default settings, new support for standards, new features), it's definitely woth to try and test IE8. It's probably a good idea to start testing the own...
  • Blog Post: Microsoft Freshens Retro Code Lock-Down Tool

    Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such...
  • Blog Post: New Security Development Lifecycle (SDL) Programs

    As part of its commitment to make the SDL more accessible to every developer, Microsoft is delivering three new programs and tools: discover the Microsoft SDL Pro Network, the Microsoft SDL Optimization Model, and the Microsoft SDL Threat Modeling Tool v3. http://msdn.microsoft.com/en-us/security...
  • Blog Post: Automatic Patch-Based Exploit Generation

    Paper Abstract: In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. In many cases we are able to automatically generate exploits within...
  • Blog Post: A very long list of new Microsoft products for 2008...

    Bink.nu has an extensive list of new software that Microsoft will be unleashing in the marketplace. See yourself: http://blogs.technet.com/tarpara/archive/2007/12/25/microsoft-s-new-year-is-gonna-bring-a-lot-of-change.aspx Urs
  • Blog Post: Generate Your Own Security Code Review Checklist Document

    In this post from the ACE Team, they show how to generate Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007. Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer client that is freely available for download here...
  • Blog Post: Internet Explorer security levels compared

    As a couple of people are looking at their IE currently, I found some interesting information on Steve Riley’s Technet blog: "A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did...
  • Blog Post: Open-source projects certified as secure – huh?

    From the Blog of Michael Howard: I really got a chuckle out of this news item, especially this line: “Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.” So we finally have...
  • Blog Post: The Open Computer Forensics Architecture (OCFA)

    The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy...
  • Blog Post: Microsoft Releases SDL Docs with Creative Commons License

    [PCMag] In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly...
  • Blog Post: Anti-DoS Dynamic IP Restrictions for IIS 7.0 Hits Beta2

    Microsoft has made available for download the second Beta development milestone of an anti-DoS extension for version 7.0 of Internet Information Services [IIS]. The Microsoft Dynamic IP Restrictions for IIS 7.0 has reached Beta2 and is up for grabs via the Microsoft Download Center in two flavors, 32...
  • Blog Post: New Method IDs Phishing, Malicious Domains

    At a closed-door security summit hosted on Yahoo’s Sunnyvale campus last week, a researcher demonstrated a new technique to more easily identify phishing and other malicious Websites. Dan Hubbard, vice president of security research for Websense, showed a tool Websense researchers have built that...
  • Blog Post: Minimizing User Rights Can Increase Security

    Taking a least-privilege approach to user accounts is a key part of any in-depth defense strategy, many analysts and security pros say. "I think it's very important … not even just as [a component] of security, but in the broader sense [of] risk posed to the business in IT," said Scott Crawford, an...
  • Blog Post: Model predicts chance of software flaws

    Researchers from a German university have developed a model to predict programming errors in applications. The method has the potential to save software companies money by allowing them to isolate parts of their code that need more rigorous testing, said Kim Herzig, a researcher at the Universität...
  • Blog Post: Microsoft SQL Server 2008 Encryption (TechArticles)

    Two interesting blogs found on Microsoft SQL Server 2008 and encription: SQL Server 2008 Encryption Keys http://blogs.technet.com/andrew/archive/2007/12/24/sql-server-2008-encryption-keys.aspx SQL Server 2008 Transparent Data Encryption and Replication http://blogs.technet.com/andrew/archive/2007...
  • Blog Post: Researchers Find a New Way to Attack the Cloud

    Amazon and Microsoft have been pushing cloud-computing services as a low-cost way to outsource raw computing power, but the products may introduce new security problems that have yet to be fully explored, according to researchers at the University of California, San Diego, and the Massachusetts Institute...
  • Blog Post: Internet Explorer 8 Readiness Toolkit

    We just made Internet Explorer 8 Beta 1 available. This could be important if you are developing web applications or just if you are curious! :-) http://www.microsoft.com/windows/products/winfamily/ie/ie8/readiness/Install.htm See also: http://channel9.msdn.com/showpost.aspx?postid=388331 http...
  • Blog Post: A strong Password isn’t the strongest Security

    Make your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it — never write it down. And, oh yes, change it every few months... Yes, that's it? Or not? "Keeping a keylogger off your machine is about a trillion times more important than the strength...
  • Blog Post: Microsoft releases Windows Phone 7 to manufacturers (RTM)

    Security relevant? Not sure... Fun? Definitely! Can't await mine... ;-) But to still give it a security touch, let's put this under 'Consumerization of IT'. http://www.cnet.com/8301-17918_1-20015314-85.html?tag=mncol;1n -Urs
  • Blog Post: Free Microsoft Security Tool Locks Down Buggy Apps (EMET)

    EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code...
  • Blog Post: Web 2.0, meet Internet attack 2.0

    The glitzy, interactive abilities of Web 2.0 have led to a profusion of new applications, but the technology also is bringing a new era of security vulnerabilities, a security researcher warned Wednesday. "Security was a challenge to begin with, but if anything it's getting harder in the Web 2.0 world...
  • Blog Post: Covert channel vulnerabilities in anonymity systems

    Excerpt: The spread of wide-scale Internet surveillance has spurred interest in anonymity systems that protect users’ privacy by restricting unauthorized access to their identity. This requirement can be considered as a flow control policy in the well established field of multilevel secure systems. I...
  • Blog Post: Windows 7 Security Story May Appeal to Enterprises

    The Windows 7 security story has three main chapters that have received a fair amount of attention: DirectAccess, BitLocker To Go, and AppLocker. With these, as well as features such as BranchCache and enhancements to UAC (user account control), officials at Microsoft have said they feel they are pushing...
  • Blog Post: Trojans Dominated Malware Threats in Dec. '08

    Sunbelt Software has released its monthly data dump that charts the most commonly observed malware and spyware threats, and, as has been the case for a good while, trojan attacks continued to lead the way across the Top Ten rankings during Dec. 2008. http://securitywatch.eweek.com/exploits_and_attacks...