Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations
Posted over 1 year ago by rhalbheer
I do not want to comment on this but it is a fairly interesting article on Snowden's Revelations, the consequences and the legal frameworks. Definitely worth spending the time: Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations...
Careful, when Microsoft Support is calling
Posted over 1 year ago by rhalbheer | 2 Comments
I guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the "supporter"...
Windows XP: The world after April 8, 2014
Posted over 1 year ago by rhalbheer | 9 Comments
To be clear upfront: After support for Windows XP will end, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations, what is going to happen, once we stop support of Windows...
Unique in the Crowd – False sense of Privacy
Posted over 1 year ago by rhalbheer | 1 Comment
This morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility . This is the abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human...
Targeted Attacks – a Video Series
Posted over 1 year ago by rhalbheer
Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacks and how to defend. I would definitely urge you to listen to them and make sure you implement the...
Are we sitting on a time bomb?
Posted over 1 year ago by rhalbheer
I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data . Let's briefly look at the findings first: 38% of U.S. office workers admit to storing work documents on personal cloud tools...
The Moscow Rules in the Cyberspace
Posted over 1 year ago by rhalbheer
Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first...
Enabling the Hybrid Cloud with Microsoft Technology
Posted over 1 year ago by rhalbheer
When I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning...
Is there a future for Product Certifications?
Posted over 1 year ago by rhalbheer
Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system...
Will the user define security policies in the future?
Posted over 1 year ago by rhalbheer
I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define...
Some Windows XP Users Can't Afford To Upgrade
Posted over 1 year ago by rhalbheer | 9 Comments
I just read a post on slashdot : During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn't because she couldn't afford the $10,000 fee involved...
Microsoft Account: Enable Two-Step Verification
Posted over 1 year ago by rhalbheer
We could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which...
Internet Accessible SCADA Systems
Posted over 1 year ago by rhalbheer | 3 Comments
This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own: https://www.scadacs.org/projects.html Roger
Cyber Espionage and Targeted Attacks
Posted over 1 year ago by rhalbheer | 1 Comment
This morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven...
The Challenge of Patch Management
Posted over 2 years ago by rhalbheer | 2 Comments
Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that...
Try Office 365 Home Premium
Posted over 2 years ago by rhalbheer | 2 Comments
Today is the day we launched Office 2013 officially to the broad market. This is a real cool step forward you should look at: Go to http://office.microsoft.com and give it a try. For only $8/year you get the ability to have it on up to 5 PCs or Macs...
Security in 2013 – the way forward?
Posted over 2 years ago by rhalbheer | 3 Comments
Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller :-). But there are things we know and things we definitely need to drive this year. I...
An Attack via VPN – Really?
Posted over 2 years ago by rhalbheer
I was just made aware of a case study, which is a really interesting "attack" on a US company via VPN. It is sometimes not like it seems… You should read this: Case Study: Pro-active Log Review Might Be A Good Idea Roger
The Directory in the Cloud?
Posted over 2 years ago by rhalbheer
It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and I published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still...
New book on Direct Access
Posted over 2 years ago by rhalbheer
A lot of customers are asking us about Direct Access and how you can implement it. Erez Ben Ari (a Senior Support Escalation Engineer at Microsoft) and Bala Natarajan (a Program Manager in our Windows division) wrote a book on that called Windows Server...
Mitigating Pass the Hash Attacks
Posted over 2 years ago by rhalbheer
In the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publish a paper, which explains Pass the Hash but, much more importantly, shows some fairly simple...
Kaspersky Lab: Microsoft software products pretty darn secure
Posted over 2 years ago by rhalbheer
What a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…). And now, I read such statement: Microsoft products...
Two Papers on Current Issues
Posted over 2 years ago by rhalbheer
Trustworthy Computing just released two papers on current issues: Determined Adversaries and Targeted Attacks Whitepaper This paper shares Microsoft's insights into the threat that Determined Adversaries and Targeted Attacks pose, identifies challenges...
The Future of Crime
Posted over 2 years ago by rhalbheer
You should spend 15 minutes on this TED talk – really worth it!! http://youtu.be/7_OcyWcNi_Y Roger
Security Lessons from Star Wars
Posted over 2 years ago by rhalbheer | 1 Comment
Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic...