Microsoft Switzerland Security Blog

Security informations brought to you by the Swiss Security Team.

Browse by Tags

Related Posts
  • Blog Post: APWG Releases Phishing Activity Trends

    The Anti-Phishing Working Group (APWG) has just released their Phishing Activity Trends Report for the month of December. Overall, the report showed a decrease in activity from the previous month; however, there were a few notable exceptions. It appears the number of unique phishing sites has increased...
  • Blog Post: China running out of IP addresses

    Chinese officials are calling for a mass migration to IPv6 after disclosing that they have only 830 days' worth of IPv4 resources left. Around 80 per cent of China's IPv4 resources have now been taken up. The country's IP allocation recently exceeded Japan's, making it the second largest in the world...
  • Blog Post: Internet Explorer 8 (beta2) released

    Last week Microsoft released IE8 Beta2, the faster, easier and safer successor of the existing Internet Explorer. As there are a lot of changes (new default settings, new support for standards, new features), it's definitely woth to try and test IE8. It's probably a good idea to start testing the own...
  • Blog Post: Microsoft scoops up rootkit finder Komoku

    The start-up's rootkit detection technology will be added into Microsoft's Windows Live OneCare and Forefront security products. http://www.news.com/8301-13860_3-9899808-56.html?part=rss&subj=news&tag=2547-1_3-0-5 Urs
  • Blog Post: Microsoft Freshens Retro Code Lock-Down Tool

    Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such...
  • Blog Post: New Security Development Lifecycle (SDL) Programs

    As part of its commitment to make the SDL more accessible to every developer, Microsoft is delivering three new programs and tools: discover the Microsoft SDL Pro Network, the Microsoft SDL Optimization Model, and the Microsoft SDL Threat Modeling Tool v3. http://msdn.microsoft.com/en-us/security...
  • Blog Post: Automatic Patch-Based Exploit Generation

    Paper Abstract: In this paper, we propose techniques for automatic patch-based exploit generation, and show that our techniques can automatically generate exploits for vulnerable programs based upon patches provided via Windows Update. In many cases we are able to automatically generate exploits within...
  • Blog Post: Protecting your computer while travelling

    Protecting computer equipment is something that everyone should be concerned with today. It seems every week there is a news report of another stolen laptop with sensitive or confidential data on it. Here is a checklist that will help you prepare and protect your computer equipment while traveling anywhere...
  • Blog Post: Microsoft out-of-band security bulletin release for IE

    Microsoft has released an out-of-band security bulletin on March 30, 2010. The bulletin is being released to address new attacks against customers of Internet Explorer. Users of Internet Explorer 8 and Windows 7 are not vulnerable to these current attacks. However, the released update contains fixes...
  • Blog Post: Group Policy related changes in Windows Server 2008

    WindowsSecurity.com article from Jakob H. Heidelberg on GPO stuff in Windows Server 2008: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part2.html http://www...
  • Blog Post: Internet Explorer and Firefox Vulnerability Analysis Report

    Jeff Jones on his blog about the Internet Explorer and Firefox Vulnerability Analysis Report: For most people, their web browser is central to their interaction with the Internet, connecting to global web sites and helping them consume online services providing everything from booking flights to banking...
  • Blog Post: A very long list of new Microsoft products for 2008...

    Bink.nu has an extensive list of new software that Microsoft will be unleashing in the marketplace. See yourself: http://blogs.technet.com/tarpara/archive/2007/12/25/microsoft-s-new-year-is-gonna-bring-a-lot-of-change.aspx Urs
  • Blog Post: Cisco hops onto patching treadmill

    Cisco has taken a leaf out of Microsoft's book by adopting a regular patch release cycle. However, the change will apply only to security bugs involving its core IOS software and not all its products. Starting on 26 March, Cisco will release bundles of IOS security advisories on the fourth Wednesday...
  • Blog Post: Generate Your Own Security Code Review Checklist Document

    In this post from the ACE Team, they show how to generate Security Code Review Checklist using patterns & practices Guidance Explorer and Outlook 2007. Checklist documents can be generated without Outlook 2007 by only using the Guidance Explorer client that is freely available for download here...
  • Blog Post: Windows Server 20008 Active Directory Certificate Services Upgrade and Migration Guide

    Active Directory Certificate Services (AD CS) provides customizable services for issuing and managing public key certificates used in software security systems that employ public key technologies. This document discusses the planning and implementation of a Windows Server 2008 AD CS upgrade and migration...
  • Blog Post: Internet Explorer security levels compared

    As a couple of people are looking at their IE currently, I found some interesting information on Steve Riley’s Technet blog: "A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did...
  • Blog Post: Open-source projects certified as secure – huh?

    From the Blog of Michael Howard: I really got a chuckle out of this news item, especially this line: “Coverity, which creates automated source-code analysis tools, announced late Monday its first list of open-source projects that have been certified as free of security defects.” So we finally have...
  • Blog Post: Business biometrics raises ID theft risk

    The commercial use of biometrics will become widespread in five years, but is not without security risks The growing use of biometrics by businesses to identify individuals is insecure and in need of serious attention, according to one IT systems company. Fujitsu Siemens said that biometrics are...
  • Blog Post: Group Policy related changes in Windows Server 2008 (updated)

    I have already written about that, but now, Part 3 is available as well: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part3.html Group Policy related changes in Windows Server 2008 WindowsSecurity.com article from Jakob H. Heidelberg on GPO stuff in Windows...
  • Blog Post: Cybersecurity Today: The Wild, Wild West

    If you purchased a brand new computer today with all the latest security software and plug it into the Internet, how long would it be before the first hacker probed it? Answer : About four hours... http://www.newsfactor.com/story.xhtml?story_id=12100CEDYE09 Probing? 4 hours? I attached lately a...
  • Blog Post: What does it mean if my version of Windows is no longer supported?

    An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software...
  • Blog Post: The Open Computer Forensics Architecture (OCFA)

    The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency. The main goal is to automate the digital forensic process to speed up the investigation and give tactical investigators direct access to the seized data through an easy...
  • Blog Post: Microsoft Forefront Integration Kit for Network Access Protection

    The Microsoft Forefront Integration Kit for Network Access Protection provides a way for two Microsoft technologies to work together: Forefront Client Security and Network Access Protection (NAP). Forefront Client Security is comprehensive anti-malware software from Microsoft that provides unified protection...
  • Blog Post: Microsoft Releases SDL Docs with Creative Commons License

    [PCMag] In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly...
  • Blog Post: Cisco's (and other's) backdoor for Hackers

    Activists have long grumbled about the privacy implications of the legal backdoors that networking companies like Cisco build into their equipment — functions that let law enforcement quietly track the Internet activities of criminal suspects. Now an IBM researcher has revealed a more serious problem...