You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read, what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I will be travelling to Nigeria I got...

Since Blaster/Slammer, namely since the start of Trustworthy Computing I am working at Microsoft in a publically facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted...

It is always fascinating to see an event of this size! I actually arrived in Barcelona yesterday night and yes, you might be jealous if you see the weather. But actually I will probably not have a lot of time to enjoy it - PR filled my schedule all over...

Yankee Group Study Actually near future might be wrong: I am convinced that the future (with regards to the requirements) is already here. We sponsored a study with Yankee Group with the title Anywhere Access Technologies - Open Enterprise Networks...

I told you that I will keep you posted. We had some pretty exciting announcement at the keynote at IT Forum. For me, the whole area of virtualization is probably the biggest step forward. We announced that we name the official product/feature "Hyper...

I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: http://www.speedtest.net Roger

During RSA Europe an industry forum called SAFECode ( S oftware A ssurance F orum for E xcellence in C ode) was announced " to identify and share software assurance best practices, promote broader adoption of such practices into the cyber ecosystem, and...

I commented on that already twice and I stated that WabiSabiLabi seems to have a different view on ethics than me. For those of you who do not know WabiSabiLabi, it is an online auction for vulnerabilities . We met the founder of this platform during...

I am in the position of the Chief Security Advisor in Europe, Middle East and Africa since February 1 st . Since then I am blogging here (before that I ran together with Urs the Swiss Security Blog). The hits per post rose over the first 6-7 months but...

David Litchfield ran a scan on the Internet for the typical SQL Server and Oracle ports. It is unbelievable that he found approx. 490'000 servers on the Internet – unprotected and often un-patched. On unsupported version levels, on unsupported Service...

I am still convinced that there is limited value in comparing vulnerabilities between different products. However, there are a few products which seem extremely emotional: The Operating System, Office, and the browser. We already discussed pretty emotionally...

Well, slowly the year is coming to an end – 10% to go J . This is the time where everybody is looking back and – additionally – tries to look into the Crystal Ball to understand how 2008 could be. Interestingly enough, I just had the discussion about...

When I talk to customers I sometimes ask them, whether they do background checks on whom they hire as employees or contractors. If it comes to security, the whole theme gets pretty sensitive. Imaging that you hire an employee to deal with your security...

I just found a pretty interesting article on "social engineering". It is one of these articles showing an anecdote on how to use social engineering to enter a building and get access to everything: The Spy in Your Server Room Roger

Well, well: You know that I never ever would bash a competitor and I will not do so now. However, I have to give you the link to the above mentioned article – not because of the article but because of the comments the article got. It seems that our efforts...

This is an interesting phenomenon on the Internet: There is one source publishing the statement that they picked up an Internet announcement by Al Qaeda that they will start a cyber attack on November 11 th : DEBKAfile Exclusive: Al Qaeda declares Cyber...

I just read a pretty good article that goes definitely into the direction I am trying to work with the different communities we are in touch. Even though technology is a key part of any security solution, the user is key and explaining the user the "why...

You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight...

I am not completely clear how much a lot of the measures we see (like the fluid restrictions on planes, the forced violation of privacy laws by airlines by having to transmit PII to the US, ...) really bring. On the other hand we definitely see some...

Remember Economy of Cybercrime ? I hope so! There I made the statement that Cybercrime has to pay off. On Zone-h today they summarized a research from G DATA with the title How much can cyberterrorist get ? In there you see how much you have to pay...

One of the big challenges we face all the time is how to control one of these growing networks at home. How shall I help my neighbors to actually manage their growing environment with different PCs (one per parent and one per kid and a mediacenter and...

A reader of my blog actually pointed me to that (thank you Shoaib) and asked me for a comment. Here is the article: PlayStation a hacker's dream . It is really an interesting thing: Gaming consoles today have quite some computing power, so why should...

I recently talked at different events on social engineering or at least touched the theme. You might know the layer 8 problem J When I had some discussions after my speech I realized that close to nobody (I talked with) knew about the "The Art of Deception...