Good series of articles about Windows 7 security: http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part1.html http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part2.html http://www.windowsecurity.com/articles/Windows-7-Security-Primer-Part3.html These articles cover...

Good article and step by step instruction on simplifying DA/NAP deployments with UAG: http://www.windowsecurity.com/articles/Integrated-NAP-Functionality-UAG-2010-Service-Pack1-DirectAccess.html - Urs

Microsoft has released a new version of a software tool that developers and administrators can use to harden older applications against common vulnerabilities. Short for Enhanced Mitigation Experience Toolkit, EMET version 2.0 brings several new protections to operating systems and applications such...

[PCMag] In the last several years, for the most part, Microsoft "got" the importance of security and took it to heart. One of the main points they got was that it was in their interest for all the software running on Windows systems (the Windows "ecosystem") to be secure, so they have been increasingly...

For the past week or so, MSRC has been closely tracking a new family of threats called Stuxnet (a name derived from some of the filename/strings in the malware — mrxcls.sys, mrxnet.sys). In the past few days, it has become a popular topic of discussion amongst security researchers and in the media...

An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software...

As Microsoft announced in 2008, support for Windows XP Service Pack 2 (SP2) will end on July 13, 2010. Support for Windows 2000 will end on the same date. Customers running an unsupported version of Windows or Windows service pack will not be eligible for any Microsoft support options. Updates, including...

Microsoft this week published a best practices guide for writing applications to its Windows Azure cloud computing environment. http://download.microsoft.com/download/7/3/E/73E4EE93-559F-4D0F-A6FC-7FEC5F1542D1/SecurityBestPracticesWindowsAzureApps.docx "We wrote this paper because no matter how many...

The Security Compliance Manager will help you accelerate knowledge to merge best practices, customize once to centralize decision making, and export to multiple formats to enable monitoring, verification, and compliance. The tool is designed to help accelerate your organization’s ability to efficiently...

DarkReading: If your security strategy relies on end users to perform updates or avoid risky behavior, then it's time to ask yourself a question: How much do end users really know about security vulnerabilities? "Non-IT folks are often only aware of security vulnerabilities that are covered in mainstream...

Network World: Who's got the biggest cloud in the tech universe? Google? Pretty big, but no. Amazon? Lots and lots of servers, but not even close. Microsoft? They're just getting started. Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers...

Elevation of Privilege is the easy way to get started threat modeling. Threat modeling is a core component of the design phase in the Microsoft Security Development Lifecycle (SDL). The Elevation of Privilege (EoP) card game helps clarify the details of threat modeling and examines possible threats...

[NIST] With the dwindling number of IPv4 addresses, the Office of Management and Budget (OMB) mandated that U.S. federal agencies begin using the IPv6 protocol. This document provides guidelines for organizations to securely deploy IPv6. http://csrc.nist.gov/publications/drafts/800-119/draft-sp800...

Information security awareness and training is critical to any organization’s information security strategy and operations. People are in many cases the last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. Microsoft offers the security awareness...

For years computer security experts have been preaching that users should never share the same password across their connected lives — at online banking sites, at Amazon, on their Web mail services, even on their cell phones. Apparently, most people ignore that advice. It really can't be repeated...

Microsoft released a template for applying its Security Development Lifecycle (SDL) methodology to agile software development projects built with the Visual Studio development environment. http://www.infoworld.com/d/developer-world/microsoft-links-security-guidelines-agile-development-738 http://www...

Public Wi-Fi networks such as those in coffee shops and airports present a bigger security threat than ever to computer users because attackers can intercede over wireless to poison users' browser caches in order to present fake Web pages or even steal data at a later time. That’s according to security...

It’s been three weeks since Google announced that a sophisticated and coordinated hack attack dubbed Operation Aurora recently targeted it and numerous other U.S. companies. Now a leading computer forensic firm is providing the closest look so far at the nature of the attacks, and attackers that struck...

If you go solely by top-level stats on encryption use, you'll come away feeling pretty secure — 86 percent of the 499 business technology professionals responding to our InformationWeek Analytics State of Encryption Survey employ encryption of some type. But that finding doesn't begin to tell the real...

Using your laptop to get work done away from your office or on the road is becoming widely accepted. But this rapid growth in laptop computing has made portable systems the target for theft around the world. If your laptop computer is stolen, company information can be exposed, as well as your personal...

This guide was designed to help IT professionals better understand and use Microsoft security release information, processes, communications, and tools. Our goal is to help IT professionals manage organizational risk and develop a repeatable, effective deployment mechanism for security updates. http...

EMET, short for Enhanced Mitigation Evaluation Toolkit, allows developers and administrators to add specific security protections to applications. Unlike mitigations released in the past, EMET doesn't require programs to be recompiled, so it can be used to fortify applications even when the source code...

The U.S. continues to dominate as the main source of the world's viruses, producing 15.9 percent of all viruses. It is followed closely by Brazil, which produces 14.5 percent (similar levels to last month's 14.1 percent). You can see more about virus trends from the Microsoft Security Intelligence...

The Security Development Lifecycle (SDL) team at Microsoft released two security testing tools. BinScope Binary Analyzer BinScope is a Microsoft verification tool that analyzes binaries on a project-wide level to ensure that they have been built in compliance with Microsoft’s Security Development...

Simply visiting one of the "Top 100 Dirtiest" Web sites - without downloading or even clicking anything - could expose your computer to infection and put your personal information into the hands of criminals, anti-virus software company Norton Symantec said. http://www.smh.com.au/technology/technology...