I wrote several times already about responsible disclosure and irresponsible disclosure. My point on that is clear: Every vendor has to have transparent and clear processes to handle vulnerabilities. These processes ensure that there will be a timely...

It is probably the most important and known encryption device ever: The Enigma – the machine that had a strong influence on WWII. Now you can buy your Enigma on e-bay: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146949978 Roger

We, being security professionals, are often "just" looking for the most secure way to implement a certain task. Often we tend to forget the user when we implement these measures. I once visited a customer showing me their ultimately secure solution to...

It was to be expected – not because Apple built bad security in their iPhone, I am definitely not in the position to judge, but because it was going to happen. Any software product is going to have vulnerabilities as a matter of fact. The more attractive...

Often the Small and Medium Businesses do not have IT resources available and it they have, the person is a IT Generalist. We try to help these kind of people to get structured and organized around the core security challenges. Therefore we published yesterday...

I blogged about three important announcements we made a few months ago ( http://blogs.technet.com/rhalbheer/archive/2007/04/25/three-microsoft-announcements.aspx ). The different malware teams are ramping up heavily and I am looking forward to working...

You know, normally I blog about all the different security challenges we are facing. This time it is different J (even though I have to care about physical security in the mountains) At the moment I am sitting at an altitude of about 1800m above sea...

If you are working with Microsoft and security you definitely know him – Stephen Toulouse one of the long-term people you know from Microsoft's security units. He worked within the Microsoft Security Response Center as one of our key spokespersons and...

I love that one: Somebody sends e-mails to Hotmail users that their account would expire and they should renew it – the attacker gets UserID/Password… Then a mail is sent on behalf of the user to their friends to tell them that they are stuck in Nigeria...

Isn't it true? Don't we always say that there is a PICNIC problem (Problem in Chair, not in Computer)? When we talk about security we often talk about the user – and this is right so. But do we always give the user what he needs to protect their information...

Looking at my father's PC I always faced the same problem: I wanted to give him a solution that actually took care of his PC without having me too often involved J . Some time ago, we had some particular solutions: Backup (use the backup in Windows...