Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

November, 2007

  • YOUR FEEDBACK REQUESTED

    I am in the position of the Chief Security Advisor in Europe, Middle East and Africa since February 1st. Since then I am blogging here (before that I ran together with Urs the Swiss Security Blog). The hits per post rose over the first 6-7 months but...
  • IE and Firefox vulnerabilities

    I am still convinced that there is limited value in comparing vulnerabilities between different products. However, there are a few products which seem extremely emotional: The Operating System, Office, and the browser. We already discussed pretty emotionally...
  • Hackers using Playstations to crack Passwords

    A reader of my blog actually pointed me to that (thank you Shoaib) and asked me for a comment. Here is the article: PlayStation a hacker's dream. It is really an interesting thing: Gaming consoles today have quite some computing power, so why should...
  • Security Threats in 2008

    Well, slowly the year is coming to an end – 10% to go :-). This is the time where everybody is looking back and – additionally – tries to look into the Crystal Ball to understand how 2008 could be. Interestingly enough, I just had the discussion about...
  • Teach a Man to Fish

    I just read a pretty good article that goes definitely into the direction I am trying to work with the different communities we are in touch. Even though technology is a key part of any security solution, the user is key and explaining the user the "why...
  • I was visiting Nigeria – watch out!

    You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read, what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I will be travelling to Nigeria I got...
  • Are you ready for your users of the (near) future?

    Yankee Group Study Actually near future might be wrong: I am convinced that the future (with regards to the requirements) is already here. We sponsored a study with Yankee Group with the title Anywhere Access Technologies - Open Enterprise Networks...
  • The Value of Operating System Comparisons

    Since Blaster/Slammer, namely since the start of Trustworthy Computing I am working at Microsoft in a publicly facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted...
  • Want to check your Up- and Download-Speed

    I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: http://www.speedtest.net Roger
  • More than 490’000 Database Server unprotected on the Web

    David Litchfield ran a scan on the Internet for the typical SQL Server and Oracle ports. It is unbelievable that he found approx. 490'000 servers on the Internet – unprotected and often un-patched. On unsupported version levels, on unsupported Service...
  • Be Careful Whom You Trust

    When I talk to customers I sometimes ask them, whether they do background checks on whom they hire as employees or contractors. If it comes to security, the whole theme gets pretty sensitive. Imagine that you hire an employee to deal with your security...
  • TechEd-IT Forum: The Keynote and Announcements

    I told you that I will keep you posted. We had some pretty exciting announcement at the keynote at IT Forum. For me, the whole area of virtualization is probably the biggest step forward. We announced that we name the official product/feature "Hyper...
  • IT Forum is about to begin

    It is always fascinating to see an event of this size! I actually arrived in Barcelona yesterday night and yes, you might be jealous if you see the weather. But actually I will probably not have a lot of time to enjoy it - PR filled my schedule all over...
  • A fun reading on social engineering

    I recently talked at different events on social engineering or at least touched the theme. You might know the layer 8 problem :-) When I had some discussions after my speech I realized that close to nobody (I talked with) knew about the "The Art of Deception...
  • WabiSabiLabi and their view on ethics

    I commented on that already twice and I stated that WabiSabiLabi seems to have a different view on ethics than me. For those of you who do not know WabiSabiLabi, it is an online auction for vulnerabilities. We met the founder of this platform during...
  • Mary Jo Foley: It’s payback time: If the Vista team could write ad copy …

    Well, well: You know that I never ever would bash a competitor and I will not do so now. However, I have to give you the link to the above mentioned article – not because of the article but because of the comments the article got. It seems that our efforts...
  • Fight against Terror and how it can be abused

    I am not completely clear how much a lot of the measures we see (like the fluid restrictions on planes, the forced violation of privacy laws by airlines by having to transmit PII to the US, ...) really bring. On the other hand we definitely see some...
  • The next step at home: Windows Home Server

    One of the big challenges we face all the time is how to control one of these growing networks at home. How shall I help my neighbors to actually manage their growing environment with different PCs (one per parent and one per kid and a mediacenter and...
  • Social Engineering - Live

    I just found a pretty interesting article on "social engineering". It is one of these articles showing an anecdote on how to use social engineering to enter a building and get access to everything: The Spy in Your Server Room Roger
  • Pricelist for Cybercriminals

    Remember Economy of Cybercrime? I hope so! There I made the statement that Cybercrime has to pay off. On Zone-h today they summarized a research from G DATA with the title How much can cyberterrorist get? In there you see how much you have to pay...
  • SAFECode: Writing Secure Code – learning from each other

    During RSA Europe an industry forum called SAFECode (Software Assurance Forum for Excellence in Code) was announced "to identify and share software assurance best practices, promote broader adoption of such practices into the cyber ecosystem, and...
  • Rumors about Cyber-Terror Attack, November 11th

    This is an interesting phenomenon on the Internet: There is one source publishing the statement that they picked up an Internet announcement by Al Qaeda that they will start a cyber attack on November 11th: DEBKAfile Exclusive: Al Qaeda declares Cyber...
  • Spotlight – The coolest online event platform

    You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Silverlight...