Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

January, 2008

  • What is more important: Security or Privacy?

    This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that...
  • LiveMessenger Trojan in the Wild

    At the moment we are tracking a Trojan that is spreading through Messenger and AIM. It is called Win32/Pushbot.BD and you can find additional information on our Malware Protection Center. This just gives me the opportunity to remind you that you definitely...
  • Hacker sent to jail

    You remember my post on The Economy of Cyber-Crime? One of my claims was that you need to work with Law Enforcement in order to increase the cost for the criminals – and here we have one of the outcomes: Norcross hacker sent to prison I quote: ...
  • There it is – the security Silver bullet

    I love that: There is finally software that is free of bugs and completely secure. Hmm, this kind of reminds me of the world-famous marketing campaign of a big software company which called itself "unbreakable". However, let's be fair: There is an article...
  • What can you do if you are a victim of e-crime?

    I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers...
  • Even the FBI has to pay the bills

    No comment: FBI wiretaps dropped due to unpaid bills Roger
  • You thought Worms are gone? Think again!

    I am one of the security guys saying that the likelihood for us seeing events like Blaster or Slammer again is very, very low (this shall not be a "call to action" for the criminals…). I think that the measures the whole industry took as well as the increased...
  • 2-year old terrorist

    Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog on this (you find the article about an insecure TSA-website here) but then I drilled into the comments and there is one that actually shocked me (well...
  • “Creative Capitalism” by Bill Gates

    In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time :-) ). It is a pretty interesting reading on new ways how capitalism could work not...
  • Was the plane crash caused by hackers?

    If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which happens to me pretty often): There are reports that the plane crash last week could be caused by hackers attacking the plane before take-off in Beijing…. Al...
  • Video about the future: Bill Gates’ last day at Microsoft

    Watch this: http://video.msn.com/video.aspx?mkt=en-us&vid=be9075bb-df0a-41c9-8d86-7ded46627e26 If you want to see the whole CES keynote: http://istream.edgeboss.net/wmedia-live/istream/30743/750_istream-ces2008_080102.asx Roger
  • Oracle DBAs rarely install Patches

    Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle databases. Even though you could challenge their findings (they asked only 305 people) and it therefore only shows half the truth, it is really scary (I quote...
  • Hacking a Boeing 787

    It seems that the new Dreamliner has a serious security vulnerability: FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack Roger
  • How to Phish yourself :-)

    A guy in the UK wanted to prove that the loss of two CDs is not really serious and published his bank account details – and lost £500 to a charity :-) Clarkson stung after bank prank Roger
  • I could not resist...

    ... on the one hand to wish you all a Happy New Year - but on the other hand: This is the view I had this morning during breakfast - immediately before I got ready to get on the skis :-) Have a good time Roger
  • CERT’s Secure Coding Standards

    Something that might be worth looking at: Carnegie Mellon's CERT just published two Secure Coding Standards: One for C++ and one for C. I had no chance to look into this and understand how this compares to our Writing Secure Code but it is definitely...
  • IPSec Interop

    Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger
  • Analysis of recent vulnerabilities

    Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent...
  • Investigating new public reports of Excel vulnerability

    I guess, you have seen this but I just want to make sure: Vulnerability in Microsoft Excel Could Allow Remote Code Execution. I would like to quote two things: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel...
  • Jeff’s Vista One-Year Vulnerability Report

    Jeff released another report: He is looking back into one year of Windows Vista. We had the discussion about the value of vulnerability comparison and I do not want to open another discussion thread about that. But as long as we hear that our products...
  • Usually our customer support is not THAT bad (taking 10 years to call back :-))

    Microsoft Customer Service Calls Back 10 Years Later Roger
  • Securing My Infrastructure: Introduction (part 2)

    Looking at Jack's comment to my initial post this morning (Securing My Infrastructure: Introduction) it seems that I have to give you some additional information: So let me start with the goal of this network: Basically I started to build it on...
  • Microsoft Windows CardSpace and the Identity Metasystem

    A friend of mine (Ole Tom Seierstad, the Norwegian CSA) just published a very interesting article on Microsoft Windows CardSpace and the Identity Metasystem. So, have a look. Happy reading Roger
  • Participate in the Windows Server 2008 Security Guide Beta program!

    We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here. ...
  • Extranet Collaboration Toolkit for SharePoint - Beta

    Working together within different organizations and companies is always a big challenge. How can you work within different workspaces and share documents etc.? Usually you use E-Mail as the core infrastructure to share information. We just released a...