This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that...

At the moment we are tracking a Trojan that is spreading through Messenger and AIM. It is called Win32/Pushbot.BD and you can find additional information on our Malware Protection Center . This just give me the opportunity to remind you that you definitely...

I am one of the security guys saying that the likelihood for us seeing events like Blaster or Slammer again is very, very low (this shall not be a "call to action" for the criminals…). I think that the measures the whole industry took as well as the increased...

Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog on this (you find the article about an insecure TSA-website here ) but then I drilled into the comments and there is one that actually shocked me (well...

You remember my post on The Economy of Cyber-Crime ? One of my claims was, that you need to work with Law Enforcement in order to increase the cost for the criminals – and here we have one of the outcomes: Norcross hacker sent to prison I quote: ...

Watch this: http://video.msn.com/video.aspx?mkt=en-us&vid=be9075bb-df0a-41c9-8d86-7ded46627e26 If you want to see the whole CES keynote: http://istream.edgeboss.net/wmedia-live/istream/30743/750_istream-ces2008_080102.asx Roger

Jeff released another report: He is looking back into one year of Windows Vista. We had the discussion about the value of vulnerability comparison and I do not want to open another discussion thread about that. But as long as we hear that our products...

Looking at Jacks comment to my initial post this morning ( Securing My Infrastructure: Introduction ) it seems that I have to give you some additional information: So let me start with the goal of this network: Basically I started to build it on...

A guy in the UK wanted to prove that the loss of two CDs is not really serious and published his bank account details – and lost £500 to a charity J Clarkson stung after bank prank Roger

A friend of mine (Ole Tom Seierstad, the Norwegian CSA) just published a very interesting article on Microsoft Windows CardSpace and the Identity Metasystem . So, have a look. Happy reading Roger

We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here . ...

As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that...

It seems that the new dreamliner has a serious security vulnerability: FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack Roger

Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger

Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle databases . Even though you could challenge their findings (they asked only 305 people) and therefore only shows half the truth, it is really scary (I quote...

If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which happens to me pretty often): There are reports that the plan crash last week could be caused by hackers attacking the plane before take-off in Beijing…. Al...

Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent...

I love that: There is finally software that is free of bugs and completely secure. Hmm, this kind of reminds me of the world-famous marketing campaign of a big software company which called itself "unbreakable". However, let's be fair: There is an article...

Working together within different organizations and companies is always a big challenge. How can you work within different workspaces and share documents etc.? Usually you use E-Mail is the core infrastructure to share information. We just released a...

Microsoft Customer Service Calls Back 10 Years Later Roger

In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time J ). It is a pretty interesting reading on new ways how capitalism could work not...

Something that might be worth looking at: Carnegie Mellon's CERT just published two Secure Coding Standards: One for C++ and one for C . I had no chance to look into this and understand how this compares to our Writing Secure Code but it is definitely...

I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers...

No comment: FBI wiretaps dropped due to unpaid bills Roger

I guess, you have seen this but I just want to make sure: Vulnerability in Microsoft Excel Could Allow Remote Code Execution . I would like to quote two things: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel...