TechNet
Products
IT Resources
Downloads
Training
Support
Products
Windows
Windows Server
System Center
Internet Explorer
Office
Office 365
Exchange Server
SQL Server
SharePoint Products
Lync
See all products »
Resources
Curah! curation service
Evaluation Center
Learning Resources
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Script Center
Server and Tools Blogs
TechNet Blogs
TechNet Flash Newsletter
TechNet Gallery
TechNet Library
TechNet Magazine
TechNet Subscriptions
TechNet Video
TechNet Wiki
Windows Sysinternals
Virtual Labs
Solutions
Networking
Cloud and Datacenter
Security
Virtualization
Updates
Service Packs
Security Bulletins
Microsoft Update
Trials
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Related Sites
Microsoft Download Center
TechNet Evaluation Center
Drivers
Compatability & Converters
Windows Sysinternals
TechNet Gallery
Training
Training Catalog
Class Locator
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
e-Learning overview
Certifications
Certification overview
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Other resources
TechNet Events
Second shot for certification
Born To Learn blog
Find technical communities in your area
Support by product
Exchange Server
Forefront Server
Forefront Edge Security
Forefront Server Security
Internet Explorer
Office
SharePoint
SQL Server
System Center
Windows Server
Windows XP
Windows Vista
Windows 7
Windows 8
Other support links
Microsoft Premier Online
Microsoft Fix It Center
TechNet Forums
MSDN Forums
Security Bulletins & Advisories
International support solutions
Log a support ticket
Look up event IDs and error codes
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Sign in
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Options
About
Email Blog Author
RSS for posts
Atom
RSS for comments
OK
Search Blogs
Tags
Cloud
Cloud Computing
Competition
Consumer
Crime
Critical Infrastructure Protection
cybercrime
Events/Training
Fun
Incident Response
Incidents
Industry Associations
Law Enforcement
Microsoft
Microsoft products
patch management
Policies
Policy
politics
Privacy
Processes
Security
Technology
Terrorism
trends
Archive
Archives
August 2013
(3)
June 2013
(4)
May 2013
(3)
April 2013
(2)
March 2013
(1)
February 2013
(2)
January 2013
(5)
December 2012
(1)
November 2012
(1)
October 2012
(4)
September 2012
(4)
August 2012
(4)
July 2012
(1)
June 2012
(3)
May 2012
(2)
April 2012
(9)
March 2012
(2)
February 2012
(2)
January 2012
(1)
December 2011
(3)
November 2011
(6)
October 2011
(11)
September 2011
(8)
August 2011
(3)
July 2011
(4)
June 2011
(8)
May 2011
(7)
April 2011
(7)
March 2011
(13)
February 2011
(18)
January 2011
(15)
December 2010
(6)
November 2010
(15)
October 2010
(15)
September 2010
(32)
August 2010
(10)
July 2010
(14)
June 2010
(18)
May 2010
(8)
April 2010
(6)
March 2010
(22)
February 2010
(5)
January 2010
(12)
December 2009
(8)
November 2009
(7)
October 2009
(11)
September 2009
(17)
August 2009
(12)
July 2009
(12)
June 2009
(13)
May 2009
(14)
April 2009
(16)
March 2009
(11)
February 2009
(12)
January 2009
(14)
December 2008
(22)
November 2008
(13)
October 2008
(22)
September 2008
(8)
August 2008
(14)
July 2008
(4)
June 2008
(16)
May 2008
(30)
April 2008
(29)
March 2008
(19)
February 2008
(16)
January 2008
(26)
December 2007
(18)
November 2007
(23)
October 2007
(11)
September 2007
(10)
August 2007
(7)
July 2007
(11)
June 2007
(11)
May 2007
(4)
April 2007
(9)
March 2007
(8)
February 2007
(8)
January 2007
(6)
April, 2008
TechNet Blogs
»
Roger's Security Blog
»
April, 2008
Sort by:
Most Recent
|
Most Views
|
Most Comments
Excerpt View
|
Full Post View
Public Testing for Office
Posted
over 5 years ago
by
rhalbheer
2
Comments
Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it is but you were unable to locate it? Well, do not get me wrong: Since I am used to the Ribbon, I love it – really. And my wife is all of a sudden able...
The recent IIS Attacks
Posted
over 5 years ago
by
rhalbheer
There has been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has publised a post on it: Questions about Web Server Attacks Roger
Securing your Web Browser
Posted
over 5 years ago
by
rhalbheer
Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger
Best Practices for Microsoft PKI & Certificate Management
Posted
over 5 years ago
by
rhalbheer
1
Comment
You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webimar on Best Practices for Microsoft PKI & Certificate...
Blogging on MOSS 2007 (SharePoint)
Posted
over 5 years ago
by
rhalbheer
1
Comment
As you probably realized, I stopped the series "How I secure my Infrastructure" as the hit rate on the corresponding posts have been pretty low. However, if I have something which I think is interesting and/or cool, I will still add a post. This one has...
How to use a Cellphone
Posted
over 5 years ago
by
rhalbheer
:-) Roger
Security Updates and Exploits
Posted
over 5 years ago
by
rhalbheer
5
Comments
As you may know, we announced version four of the Microsoft Security Intelligence Report earlier this week. Amongst the many interesting findings is data which relates to software vulnerability exploits. I wanted to highlight these as Shoaib, one of my...
Security Pros ignoring their own message
Posted
over 5 years ago
by
rhalbheer
As you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not...
Our Malicious Software Removal Tool and Storm
Posted
over 5 years ago
by
rhalbheer
There is an interesting article on the value of the Malicious Software Removal Tool (MSRT – the tool we release monthly to clean PCs) and the fight against storm. It gives you some insight how our Malware Protection Center works and what they did against...
Infosec: Security community must work together
Posted
over 5 years ago
by
rhalbheer
Ed Gibson, our CSA in the UK had an interview during Infosec with VNunet. He made some interesting statements: We have a good set of laws in place and they have teeth. But the police have priorities and budgets set by the Home Office and Any one...
Technology to Circumvent Censorship (Part 2)
Posted
over 5 years ago
by
rhalbheer
Back in March I blogged on a Technology to Circumvent Censorship . I actually expected some dialogue on this but today somebody posted an interesting comment, I think is worth reading. Just click the link above and look at the second comment Roger
Security Intelligence Report v4 – Live and Ready to be Read
Posted
over 5 years ago
by
rhalbheer
1
Comment
As you (hopefully) know, we publish a Security Intelligence Report every 6 month and today we just released version 4. Let me give you some key findings before you go and read it J Basically the intent of the report is, to provide a comprehensive overview...
0-Day-Patch – An new Metric for Security?
Posted
over 5 years ago
by
rhalbheer
2
Comments
The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let's be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the...
The ideal profile of a CSO
Posted
over 5 years ago
by
rhalbheer
2
Comments
I was in Bratislava this week for an IDC Conference. During these kind of events I often talk to the press as well. Additionally I had this time the opportunity to talk to a pretty well-known blogger in Slovakia called Jozef Vyskoč . You may have a look...
SDL and End to End Trust
Posted
over 5 years ago
by
rhalbheer
1
Comment
Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it J Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other...
Hacking Back?
Posted
over 5 years ago
by
rhalbheer
Pretty often there is a discussion how far it is allowed to hack back. I was just reading an interesting post called Hackers Could Become The Hacked? which I wanted to share with you Roger
Office Binary Formats on the Web
Posted
over 5 years ago
by
rhalbheer
I just wanted to make you aware that we put the Office Binary Formats on the web. We did this for interoperability reasons but often this can be very useful for forensics as well: Microsoft Office Binary (doc, xls, ppt) File Formats Roger
How long does it take to hack a Power Plant?
Posted
over 5 years ago
by
rhalbheer
1
Comment
I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler...
“The Security Business has no Future” (Quote by IBM)
Posted
over 5 years ago
by
rhalbheer
1
Comment
This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless...
Forefront Codename “Stirling” Beta ready for Download
Posted
over 5 years ago
by
rhalbheer
I had the opportunity to see the Beta of our next generation of Forefront environment the first time last week and I think that it rocks. Have a look yourself and/or download the beta: http://www.microsoft.com/forefront/stirling/en/us/default.aspx ...
End-To-End Trust: We want your Feedback
Posted
over 5 years ago
by
rhalbheer
2
Comments
You probably saw my blog post on End-To-End Trust last week. This week at RSA Craig Mundie, Microsoft's Chief Research and Strategy Officer, talked about our ideas and views on this topic. In parallel, we announced the availability of a Whitepaper on...
Building a faster Internet
Posted
over 5 years ago
by
rhalbheer
Does not solve any of the security problems (challenges?) but it sounds promising anyway Building A Faster Internet Roger
Security Compliance Management – Beta Available
Posted
over 5 years ago
by
rhalbheer
1
Comment
Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download....
Where next? – Watch out for RSA
Posted
over 5 years ago
by
rhalbheer
We are six years into Trustworthy Computing (TwC). When we launched it, we said a number of things: "It is a 10-year vision". Well, that's something we have had to update. As long as there are criminals out there using the Internet to steal, Trustworthy...
Security Risks of VoIP
Posted
over 5 years ago
by
rhalbheer
Internet Telephony Has Security Problems : This was an interesting read this morning for different reasons: First of all, it is not surprising (even if we would not have known the problems it would have to be expected). I liked the statement: The...
>