Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

April, 2008

Posts
  • Roger's Security Blog

    Microsoft Diagnostics and Recovery Toolset

    • 11 Comments
    Well, we call it simply DaRT. You know the feeling: A machine does not boot anymore, crashed, has a virus you cannot clean with the OS in a running state or any of the other nightmare scenarios in daily operations of computers. Since quite some time there...
  • Roger's Security Blog

    Best Practices for Microsoft PKI & Certificate Management

    • 0 Comments
    You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webinar on Best Practices for Microsoft PKI & Certificate...
  • Roger's Security Blog

    Security Compliance Management – Beta Available

    • 1 Comments
    Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download....
  • Roger's Security Blog

    SDL and End to End Trust

    • 1 Comments
    Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it :-) Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other...
  • Roger's Security Blog

    The Death of the DMZ = The Death of the Castle

    • 0 Comments
    Since quite some time we are talking about the "Death of the DMZ". This seems a little bit provocative but I am convinced that it is coming very close to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers...
  • Roger's Security Blog

    Building a faster Internet

    • 0 Comments
    Does not solve any of the security problems (challenges?) but it sounds promising anyway Building A Faster Internet Roger
  • Roger's Security Blog

    How long does it take to hack a Power Plant?

    • 1 Comments
    I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler...
  • Roger's Security Blog

    The ideal profile of a CSO

    • 2 Comments
    I was in Bratislava this week for an IDC Conference. During these kinds of events I often talk to the press as well. Additionally I had this time the opportunity to talk to a pretty well-known blogger in Slovakia called Jozef Vyskoč. You may have a look...
  • Roger's Security Blog

    Security Pros ignoring their own message

    • 0 Comments
    As you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not...
  • Roger's Security Blog

    Blogging on MOSS 2007 (SharePoint)

    • 1 Comments
    As you probably realized, I stopped the series "How I secure my Infrastructure" as the hit rate on the corresponding posts has been pretty low. However, if I have something which I think is interesting and/or cool, I will still add a post. This one has...
  • Roger's Security Blog

    End-To-End Trust: We want your Feedback

    • 2 Comments
    You probably saw my blog post on End-To-End Trust last week. This week at RSA Craig Mundie, Microsoft's Chief Research and Strategy Officer, talked about our ideas and views on this topic. In parallel, we announced the availability of a Whitepaper on...
  • Roger's Security Blog

    Security Intelligence Report v4 – Live and Ready to be Read

    • 1 Comments
    As you (hopefully) know, we publish a Security Intelligence Report every 6 months and today we just released version 4. Let me give you some key findings before you go and read it :-) Basically the intent of the report is to provide a comprehensive overview...
  • Roger's Security Blog

    Security Updates and Exploits

    • 5 Comments
    As you may know, we announced version four of the Microsoft Security Intelligence Report earlier this week. Amongst the many interesting findings is data which relates to software vulnerability exploits. I wanted to highlight these as Shoaib, one of my...
  • Roger's Security Blog

    Hacking Back?

    • 0 Comments
    Pretty often there is a discussion how far it is allowed to hack back. I was just reading an interesting post called Hackers Could Become The Hacked? which I wanted to share with you Roger
  • Roger's Security Blog

    Security Risks of VoIP

    • 0 Comments
    Internet Telephony Has Security Problems : This was an interesting read this morning for different reasons: First of all, it is not surprising (even if we would not have known the problems it would have to be expected). I liked the statement: The...
  • Roger's Security Blog

    0-Day-Patch – A new Metric for Security?

    • 2 Comments
    The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let's be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the...
  • Roger's Security Blog

    Where next? – Watch out for RSA

    • 0 Comments
    We are six years into Trustworthy Computing (TwC). When we launched it, we said a number of things: "It is a 10-year vision". Well, that's something we have had to update. As long as there are criminals out there using the Internet to steal, Trustworthy...
  • Roger's Security Blog

    Our Malicious Software Removal Tool and Storm

    • 0 Comments
    There is an interesting article on the value of the Malicious Software Removal Tool (MSRT – the tool we release monthly to clean PCs) and the fight against storm. It gives you some insight how our Malware Protection Center works and what they did against...
  • Roger's Security Blog

    The recent IIS Attacks

    • 0 Comments
    There have been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has published a post on it: Questions about Web Server Attacks Roger
  • Roger's Security Blog

    Securing your Web Browser

    • 0 Comments
    Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger
  • Roger's Security Blog

    Forefront Codename “Stirling” Beta ready for Download

    • 0 Comments
    I had the opportunity to see the Beta of our next generation of Forefront environment the first time last week and I think that it rocks. Have a look yourself and/or download the beta: http://www.microsoft.com/forefront/stirling/en/us/default.aspx ...
  • Roger's Security Blog

    Office Binary Formats on the Web

    • 0 Comments
    I just wanted to make you aware that we put the Office Binary Formats on the web. We did this for interoperability reasons but often this can be very useful for forensics as well: Microsoft Office Binary (doc, xls, ppt) File Formats Roger
  • Roger's Security Blog

    Technology to Circumvent Censorship (Part 2)

    • 0 Comments
    Back in March I blogged on a Technology to Circumvent Censorship. I actually expected some dialogue on this but today somebody posted an interesting comment, I think is worth reading. Just click the link above and look at the second comment Roger
  • Roger's Security Blog

    How to use a Cellphone

    • 0 Comments
    :-) Roger
  • Roger's Security Blog

    Infosec: Security community must work together

    • 0 Comments
    Ed Gibson, our CSA in the UK had an interview during Infosec with VNunet. He made some interesting statements: We have a good set of laws in place and they have teeth. But the police have priorities and budgets set by the Home Office and Any one...