Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Roger's Security Blog

  • New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer"

    Out friends in France are currently working intensively on Test Lab Guides for Consumerization of IT. The next one was just released: New Consumerization of IT Test Lab Guide: Hyper-V Windows 8 corporate virtual machine on personal computer" This...
  • Paper: Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management

    As you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management . Here is the summary: Due to increased regulation...
  • Security Implications of Pirated Software

    A while ago, when I was travelling a journalist told me that he never pays for our software as he can easily download a tool to crack Windows XP (he was still running XP). We had an interesting discussion afterwards (besides the fact that he showed me...
  • How to secure your Facebook account

    I think that this is actually a fairly good overview of the privacy settings on Facebook and how you should set them: How to secure your Facebook account Roger
  • Hacking on the plane: who has jurisdiction?

    Wow, that's an interesting question: Let's say a Canadian flies from New York to Tokyo on Korean Air and hacks the German tourist's computer seated in front of her while over the Pacific. Who's laws apply? (Canada, US, Japan, Korea, Germany?) I mean...
  • Direct Access and Virtual Smartcard

    I am a huge fan of DirectAccess – especially as a user. This means mainly, that I love it as a user as I do not have to care anymore about where I am connected – my notebook immediately connects to our Microsoft Corporation's network. Ages ago, when we...
  • Microsoft Security Response Center: Progress Report

    End of July we issued the fourth MSRC progress report showing not only the work we did on the Security Updates but with all the different programs with run out of MSRC as well. I guess this could be interesting for you as well: Microsoft Security Response...
  • UPDATE: Security Advisory – Update For Minimum Certificate Key Length

    Yesterday I blogged about the Security Advisory – Update For Minimum Certificate Key Length . I would like to take the opportunity to give some more information on it. The reaction on the advisory is interesting so far. Some customers expect mainly...
  • Security Advisory - Update For Minimum Certificate Key Length

    As you know, I rarely blog about Security Advisories or updates but this time, I want to make sure that you saw that: We released the Microsoft Security Advisory (2661254) - Update For Minimum Certificate Key Length to make you aware of the fact that...
  • DNSChanger explained

    A very good video from Sophos on DNSChanger: Roger
  • Banking Trojan hits banks globally

    When I was talking to governments about Flame a few weeks ago, they typically told me that they do not see a lot but that they are heavily concerned about SpyEye and other banking trojans. It is now reflected in this article: New bank theft software hits...
  • Consumerization of IT

    In the meantime I guess that most of us agreed that Consumerization of IT or Bring Your Own Device or how ever you want to call this will become a reality – probably rather sooner than later. In the meantime our team in France published a few papers/guides...
  • Tackling Cybersecurity Together

    Yesterday we all had a very long day: We hosted the EU Cybersecurity and Digital Crimes Forum in Brussels. At lot of government elites from all across Europe attended and were part of very intense discussions. It was obvious that people really are serious...
  • Laptop lost with data for more than 2,000 patients, Boston Children’s reports

    What about using Bitlocker???? Laptop lost with data for more than 2,000 patients, Boston Children’s reports One such incident probably pays your Windows 7 migration project – no? Roger
  • What Microsoft can teach Apple about security response

    I guess, I do not have to comment this – right? What Microsoft can teach Apple about security response To quote the summary: Microsoft just released seven security updates to fix 23 vulnerabilities in Windows and other products. In February, Apple released...
  • Windows Defender Offline

    A few days ago, Windows Defender Offline was released. This is basically the tool to use, if you are unable to remove malware from a running PC. To quote the website: Sometimes, malicious and other potentially unwanted software, including rootkits, try...
  • Consumerization of IT–How to address this

    Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some...
  • Build your own sniffing kit

    When people look at attackers, they always think that they are extremely smart people. There are really smart people building the kits but the ones applying it? Well, you just need the right guidance: Hacker's Tiny Spy Computer Cracks Corporate Networks...
  • 5 Common Types of Security Professionals

    I am following Shoaib’s blog since quite a while – actually due to the beauty of the Internet, we only met virtually so far . He just posted on his blog: 5 Common Types of Security Professionals I really like this post. The way he categorizes them is...
  • Q1 Software Vulnerabilities

    This was an interesting article on cio.com: Apple, Oracle, Google Lead Major Vendors with Software Vulnerabilities in Q1, Security Report Says – by TrendMicro. Now, these stats are always a bit a challenge: They make a really good headline but if the...
  • Run your company like a burrito?

    This has nothing to do with security nor with technology – but it is worth (in my opinion) 20 minutes of your time! Recently a friend of mine told me to read Good to Great: Why Some Companies Make the Leap...And Others Don't by Jim Collins. Well, I said...
  • Keep all your software updated and current

    I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the...
  • Selecting the right Cloud partner

    One of the challenges customers always have is, how to select the right cloud partner and fairly often security drives this selection. The Cloud Security Alliance published the Cloud Controls Matrix quite a while ago and in addition a Consensus Assessments...
  • Cybersecurity–Do we need to change the approach?

    Years ago information security or cybersecurity was in the hands of specialists, which set the rules and the users had to follow – in theory. Whether the users really followed the rules, policies and recommendations is a different story but it worked...
  • Security Updates and Exploit Code

    In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution . Relatively soon after the release, there was a public exploit code available - we informed here: Proof-of-Concept...