Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend. I would definitely urge you to listen to them and make sure you implement the...

I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data . Let's briefly look at the findings first: 38% of U.S. office workers admit to storing work documents on personal cloud tools...

Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first...

When I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning...

Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system...

I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define...

I just read a post on slashdot : During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn't because she couldn't afford the $10,000 fee involved...

We could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which...

This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own: https://www.scadacs.org/projects.html Roger

This morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven...

Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that...

Today is the day we launched Office 2013 officially to the broad market. This is a real cool step forward you should look at: Go to http://office.microsoft.com and give it a try. For only $8/year you get the ability to have it on up to 5 PCs or Macs...

Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller J . But there are things we know and things we definitely need to drive this year. I...

I was just made aware of a case study, which is a really interesting "attack" on a US company via VPN. It is sometimes not like it seems… You should read this: Case Study: Pro-active Log Review Might Be A Good Idea Roger

It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and me published a paper called the Cloud Computing Security Considerations . Even though it is three years, the paper is still worth reading as the content still...

A lot of customers are asking us about Direct Access and how you can implement it. Erez Ben Ari (a Senior Support Escalation Engineer at Microsoft) and Bala Natarajan (a Program Manager in our Windows division) wrote a book on that called Windows Server...

In the recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This made us publishing a paper, which explains Pass the Hash but much more important shows some fairly simple...

What a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…). And now, I read such statement: Microsoft products...

Trustworthy Computing just released two papers on current issues: Determined Adversaries and Targeted Attacks Whitepaper This paper shares Microsoft's insights into the threat that Determined Adversaries and Targeted Attacks pose, identifies challenges...

You should spend 15 minutes on this TED talk – really worth it!! http://youtu.be/7_OcyWcNi_Y Roger

Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic...

Out friends in France are currently working intensively on Test Lab Guides for Consumerization of IT. The next one was just released: New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer" This...

As you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management . Here is the summary: Due to increased regulation...

A while ago, when I was travelling a journalist told me that he never pays for our software as he can easily download a tool to crack Windows XP (he was still running XP). We had an interesting discussion afterwards (besides the fact that he showed me...

I think that this is actually a fairly good overview of the privacy settings on Facebook and how you should set them: How to secure your Facebook account Roger