Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

April, 2007

  • Analysis of ANI vulnerability

    Michael Howard did a very good analysis of the ANI vulnerability and showed what we learned and where we will improve SDL (the Security Development Lifecycle). He posted that on our new SDL blog: http://blogs.msdn.com/sdl/archive/2007/04/26/lessons-learned...
  • Three Microsoft Announcements

    Last night Vinny Gullotto made some significant announcements at RSA Japan. At least for us they are significant: We published the second Security Intelligence Report. Now, you might ask why this is significant. Think about the data sources, we...
  • Risks in Online Calendar Sharing

    Do you know this scenario: My wife would like to fix a meeting and should have access to my calendar. I am not available, therefore she cannot just call me but - again - she should see my availability. Not uncommon, is it? A typical solution for...
  • Yet another UAC discussion

    If I had to nominate the number one feature of Windows Vista, it would be UAC. Not because I think that it is the most important feature (it is one important feature among a lot of others) but because UAC caused an unbelievable amount of press...
  • Protecting your disk with biometric devices?

    As you (hopefully) know, Windows Vista ships with a component we call BitLocker - at least some of the Windows Vista versions do. Now, BitLocker can be run with different ways of protecting your keys: a TPM chip (basically a smartcard on your motherboard...
  • Haven't we seen this already? Disgusting!

    Remember the days back when Katrina hit New Orleans? The tragedy was still going on and the first phishers started to launch an attack - disgusting. Guess what is happening now with the Virginia Tech shooting? There were now sites registered carrying...
  • Trustworthy Computing is an Industry Initiative

    Remember the early days of Trustworthy Computing? In 2002 I started to give keynotes about TwC - as we call it - and told the "world" about what we think should be done in the industry in order to regain trust. I usually compared it with the power network...
  • Mapping the Malicious Sites on the Web

    McAfee SiteAdvisor did an interesting study about the number of malicious sites per domain on the web: http://www.siteadvisor.com/studies/map_malweb_mar2007.html They have an interactive map that helps you to get an overview of the different threats...
  • An E-Mail-Bot Analysis

    Well, we all know that we shall not click on links in mails and stuff like that. Mark Russinovich did an interesting analysis of a pretty simple bot: http://blogs.technet.com/markrussinovich/archive/2007/04/09/741440.aspx What I like as well is that...