TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Compatability & Converters
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support by product
Exchange Server
Forefront Server
Forefront Edge Security
Forefront Server Security
Internet Explorer
Office
SharePoint
SQL Server
System Center
Windows Server
Windows XP
Windows Vista
Windows 7
Windows 8
Other support links
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Look up event IDs and error codes
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Options
About
Email Blog Author
RSS for posts
Atom
RSS for comments
OK
Search Blogs
Tags
Cloud
Cloud Computing
Competition
Consumer
Crime
Critical Infrastructure Protection
cybercrime
Events/Training
Fun
Incident Response
Incidents
Industry Associations
Law Enforcement
Microsoft
Microsoft products
patch management
Policies
Policy
politics
Privacy
Processes
Security
Technology
Terrorism
trends
Archive
Archives
August 2013
(3)
June 2013
(4)
May 2013
(3)
April 2013
(2)
March 2013
(1)
February 2013
(2)
January 2013
(5)
December 2012
(1)
November 2012
(1)
October 2012
(4)
September 2012
(4)
August 2012
(4)
July 2012
(1)
June 2012
(3)
May 2012
(2)
April 2012
(9)
March 2012
(2)
February 2012
(2)
January 2012
(1)
December 2011
(3)
November 2011
(6)
October 2011
(11)
September 2011
(8)
August 2011
(3)
July 2011
(4)
June 2011
(8)
May 2011
(7)
April 2011
(7)
March 2011
(13)
February 2011
(18)
January 2011
(15)
December 2010
(6)
November 2010
(15)
October 2010
(15)
September 2010
(32)
August 2010
(10)
July 2010
(14)
June 2010
(18)
May 2010
(8)
April 2010
(6)
March 2010
(22)
February 2010
(5)
January 2010
(12)
December 2009
(8)
November 2009
(7)
October 2009
(11)
September 2009
(17)
August 2009
(12)
July 2009
(12)
June 2009
(13)
May 2009
(14)
April 2009
(16)
March 2009
(11)
February 2009
(12)
January 2009
(14)
December 2008
(22)
November 2008
(13)
October 2008
(22)
September 2008
(8)
August 2008
(14)
July 2008
(4)
June 2008
(16)
May 2008
(30)
April 2008
(29)
March 2008
(19)
February 2008
(16)
January 2008
(26)
December 2007
(18)
November 2007
(23)
October 2007
(11)
September 2007
(10)
August 2007
(7)
July 2007
(11)
June 2007
(11)
May 2007
(4)
April 2007
(9)
March 2007
(8)
February 2007
(8)
January 2007
(6)
January, 2008
TechNet Blogs
»
Roger's Security Blog
»
January, 2008
Sort by:
Most Recent
|
Most Views
|
Most Comments
Excerpt View
|
Full Post View
Microsoft Windows CardSpace and the Identity Metasystem
Posted
over 5 years ago
by
rhalbheer
A friend of mine (Ole Tom Seierstad, the Norwegian CSA) just published a very interesting article on Microsoft Windows CardSpace and the Identity Metasystem . So, have a look. Happy reading Roger
Securing My Infrastructure: Introduction (part 2)
Posted
over 5 years ago
by
rhalbheer
5
Comments
Looking at Jacks comment to my initial post this morning ( Securing My Infrastructure: Introduction ) it seems that I have to give you some additional information: So let me start with the goal of this network: Basically I started to build it on...
LiveMessenger Trojan in the Wild
Posted
over 5 years ago
by
rhalbheer
1
Comment
At the moment we are tracking a Trojan that is spreading through Messenger and AIM. It is called Win32/Pushbot.BD and you can find additional information on our Malware Protection Center . This just give me the opportunity to remind you that you definitely...
Securing My Infrastructure: Introduction
Posted
over 5 years ago
by
rhalbheer
5
Comments
As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that...
Usually our customer support is not THAT bad (taking 10 years to call back :-))
Posted
over 5 years ago
by
rhalbheer
Microsoft Customer Service Calls Back 10 Years Later Roger
“Creative Capitalism” by Bill Gates
Posted
over 5 years ago
by
rhalbheer
In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time J ). It is a pretty interesting reading on new ways how capitalism could work not...
Was the plain crash caused by hackers?
Posted
over 5 years ago
by
rhalbheer
If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which happens to me pretty often): There are reports that the plan crash last week could be caused by hackers attacking the plane before take-off in Beijing…. Al...
CERT’s Secure Coding Standards
Posted
over 5 years ago
by
rhalbheer
Something that might be worth looking at: Carnegie Mellon's CERT just published two Secure Coding Standards: One for C++ and one for C . I had no chance to look into this and understand how this compares to our Writing Secure Code but it is definitely...
Jeff’s Vista One-Year Vulnerability Report
Posted
over 5 years ago
by
rhalbheer
2
Comments
Jeff released another report: He is looking back into one year of Windows Vista. We had the discussion about the value of vulnerability comparison and I do not want to open another discussion thread about that. But as long as we hear that our products...
What can you do if you are a victim of e-crime?
Posted
over 5 years ago
by
rhalbheer
2
Comments
I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers...
What is more important: Security or Privacy?
Posted
over 5 years ago
by
rhalbheer
5
Comments
This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that...
2-year old terrorist
Posted
over 5 years ago
by
rhalbheer
1
Comment
Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog on this (you find the article about an insecure TSA-website here ) but then I drilled into the comments and there is one that actually shocked me (well...
Investigating new public reports of Excel vulnerability
Posted
over 5 years ago
by
rhalbheer
I guess, you have seen this but I just want to make sure: Vulnerability in Microsoft Excel Could Allow Remote Code Execution . I would like to quote two things: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel...
Oracle DBAs rarely install Patches
Posted
over 5 years ago
by
rhalbheer
1
Comment
Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle databases . Even though you could challenge their findings (they asked only 305 people) and therefore only shows half the truth, it is really scary (I quote...
Participate in the Windows Server 2008 Security Guide Beta program!
Posted
over 5 years ago
by
rhalbheer
2
Comments
We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here . ...
Hacker sent to jail
Posted
over 5 years ago
by
rhalbheer
You remember my post on The Economy of Cyber-Crime ? One of my claims was, that you need to work with Law Enforcement in order to increase the cost for the criminals – and here we have one of the outcomes: Norcross hacker sent to prison I quote: ...
Even the FBI has to pay the bills
Posted
over 5 years ago
by
rhalbheer
No comment: FBI wiretaps dropped due to unpaid bills Roger
There it is – the security Silver bullet
Posted
over 5 years ago
by
rhalbheer
1
Comment
I love that: There is finally software that is free of bugs and completely secure. Hmm, this kind of reminds me of the world-famous marketing campaign of a big software company which called itself "unbreakable". However, let's be fair: There is an article...
Video about the future: Bill Gates’ last day at Microsoft
Posted
over 5 years ago
by
rhalbheer
1
Comment
Watch this: http://video.msn.com/video.aspx?mkt=en-us&vid=be9075bb-df0a-41c9-8d86-7ded46627e26 If you want to see the whole CES keynote: http://istream.edgeboss.net/wmedia-live/istream/30743/750_istream-ces2008_080102.asx Roger
How to Phish yourself :-)
Posted
over 5 years ago
by
rhalbheer
1
Comment
A guy in the UK wanted to prove that the loss of two CDs is not really serious and published his bank account details – and lost £500 to a charity J Clarkson stung after bank prank Roger
Hacking a Boeing 787
Posted
over 5 years ago
by
rhalbheer
It seems that the new dreamliner has a serious security vulnerability: FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack Roger
Extranet Collaboration Toolkit for SharePoint - Beta
Posted
over 5 years ago
by
rhalbheer
Working together within different organizations and companies is always a big challenge. How can you work within different workspaces and share documents etc.? Usually you use E-Mail is the core infrastructure to share information. We just released a...
You thought Worms are gone? Think again!
Posted
over 5 years ago
by
rhalbheer
2
Comments
I am one of the security guys saying that the likelihood for us seeing events like Blaster or Slammer again is very, very low (this shall not be a "call to action" for the criminals…). I think that the measures the whole industry took as well as the increased...
Analysis of recent vulnerabilities
Posted
over 5 years ago
by
rhalbheer
Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent...
IPSec Interop
Posted
over 5 years ago
by
rhalbheer
Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger
>