Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

April, 2008

Posts
  • Roger's Security Blog

    Microsoft Diagnostics and Recovery Toolset

    • 11 Comments
    Well, we call it simply DaRT. You know the feeling: A machine does not boot anymore, crashed, has a virus you cannot clean with the OS in a running state or any of the other nightmare scenarios in daily operations of computers. Since quite some time there...
  • Roger's Security Blog

    Security Updates and Exploits

    • 5 Comments
    As you may know, we announced version four of the Microsoft Security Intelligence Report earlier this week. Amongst the many interesting findings is data which relates to software vulnerability exploits. I wanted to highlight these as Shoaib, one of my...
  • Roger's Security Blog

    Public Testing for Office

    • 2 Comments
    Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it is but you were unable to locate it? Well, do not get me wrong: Since I am used to the Ribbon, I love it – really. And my wife is all of a sudden able...
  • Roger's Security Blog

    End-To-End Trust: We want your Feedback

    • 2 Comments
    You probably saw my blog post on End-To-End Trust last week. This week at RSA Craig Mundie, Microsoft's Chief Research and Strategy Officer, talked about our ideas and views on this topic. In parallel, we announced the availability of a Whitepaper on...
  • Roger's Security Blog

    The ideal profile of a CSO

    • 2 Comments
    I was in Bratislava this week for an IDC Conference. During these kinds of events I often talk to the press as well. Additionally I had this time the opportunity to talk to a pretty well-known blogger in Slovakia called Jozef Vyskoč. You may have a look...
  • Roger's Security Blog

    0-Day-Patch – A new Metric for Security?

    • 2 Comments
    The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let's be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the...
  • Roger's Security Blog

    Security Intelligence Report v4 – Live and Ready to be Read

    • 1 Comments
    As you (hopefully) know, we publish a Security Intelligence Report every 6 months and today we just released version 4. Let me give you some key findings before you go and read it :-) Basically the intent of the report is to provide a comprehensive overview...
  • Roger's Security Blog

    “The Security Business has no Future” (Quote by IBM)

    • 1 Comments
    This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless...
  • Roger's Security Blog

    How long does it take to hack a Power Plant?

    • 1 Comments
    I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler...
  • Roger's Security Blog

    Security Compliance Management – Beta Available

    • 1 Comments
    Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download....
  • Roger's Security Blog

    SDL and End to End Trust

    • 1 Comments
    Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it :-) Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other...
  • Roger's Security Blog

    Blogging on MOSS 2007 (SharePoint)

    • 1 Comments
    As you probably realized, I stopped the series "How I secure my Infrastructure" as the hit rate on the corresponding posts have been pretty low. However, if I have something which I think is interesting and/or cool, I will still add a post. This one has...
  • Roger's Security Blog

    Best Practices for Microsoft PKI & Certificate Management

    • 0 Comments
    You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webinar on Best Practices for Microsoft PKI & Certificate...
  • Roger's Security Blog

    Securing your Web Browser

    • 0 Comments
    Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger
  • Roger's Security Blog

    The recent IIS Attacks

    • 0 Comments
    There have been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has published a post on it: Questions about Web Server Attacks Roger
  • Roger's Security Blog

    The Death of the DMZ = The Death of the Castle

    • 0 Comments
    Since quite some time we are talking about the "Death of the DMZ". This seems a little bit provocative but I am convinced that it is coming very close to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers...
  • Roger's Security Blog

    How to use a Cellphone

    • 0 Comments
    :-) Roger
  • Roger's Security Blog

    Building a faster Internet

    • 0 Comments
    Does not solve any of the security problems (challenges?) but it sounds promising anyway Building A Faster Internet Roger
  • Roger's Security Blog

    Forefront Codename “Stirling” Beta ready for Download

    • 0 Comments
    I had the opportunity to see the Beta of our next generation of Forefront environment the first time last week and I think that it rocks. Have a look yourself and/or download the beta: http://www.microsoft.com/forefront/stirling/en/us/default.aspx ...
  • Roger's Security Blog

    All the Vista SP1 Features where you have time to read them :-)

    • 0 Comments
    I just found this blog post: In Japan there is toilet paper with all the Vista SP1 features on it…. At least, there you have time to read Windows Vista SP1 Toilet Paper - It's really available now Roger
  • Roger's Security Blog

    How to do security in Development

    • 0 Comments
    Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least :-) We have a set of short videos (3-10 min.) on how to address some security challenges in development: "How Do I?" Videos for Security...
  • Roger's Security Blog

    Security Risks of VoIP

    • 0 Comments
    Internet Telephony Has Security Problems : This was an interesting read this morning for different reasons: First of all, it is not surprising (even if we would not have known the problems it would have to be expected). I liked the statement: The...
  • Roger's Security Blog

    Where next? – Watch out for RSA

    • 0 Comments
    We are six years into Trustworthy Computing (TwC). When we launched it, we said a number of things: "It is a 10-year vision". Well, that's something we have had to update. As long as there are criminals out there using the Internet to steal, Trustworthy...
  • Roger's Security Blog

    Office Binary Formats on the Web

    • 0 Comments
    I just wanted to make you aware that we put the Office Binary Formats on the web. We did this for interoperability reasons but often this can be very useful for forensics as well: Microsoft Office Binary (doc, xls, ppt) File Formats Roger
  • Roger's Security Blog

    Hacking Back?

    • 0 Comments
    Pretty often there is a discussion how far it is allowed to hack back. I was just reading an interesting post called Hackers Could Become The Hacked? which I wanted to share with you Roger