Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

March, 2010

  • Hacking Incidents 2009 – Interesting Data

    There is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty...
  • Why Today’s End-User Education Fails!

    I was reading a paper recently, where I initially thought it is a joke (it looked scientific, therefore I was not too scared). But as our research department did it, it is serious and really, really good – at least it definitely made me think. It...
  • Council of Europe – Octopus Conference (Cooperation against Cybercrime) Day 2

    And the second day starts. I just met with Jeremy Kirk from IDG and it is great to see that the press is actually interested in such a conference as well. The day today started with a long session on different initiatives against cybercrime. A lot of...
  • Data Protection Heat Map

    I was looking at some research done by Forrester which could be interesting for you as well. They try to lay out the landscape with regards to data protection for you and it looks fairly compelling. So if you are interested in the situation of the different...
  • Azure Showcase: The Eye on Earth

    Well, you know, fairly often when I look at showcases I am a little bit disappointed I have to admit. Mainly because the technology which is shown is really cool and I would love to leverage it – just it works in the US only. Or better, it works across...
  • Raise Money for Cancer Research

    This is a private post – and does not really have a lot to do with my job at Microsoft. Well, a little… A friend of mine – actually the EMEA Security PR guy at Microsoft – is an addicted dart player and participates often in dart tournaments. Which has...
  • Council of Europe – Octopus Conference (Cooperation against Cybercrime) Day 1

    A few years ago, the Budapest Convention on Cybercrime was signed within the Council of Europe. Since then it was ratified all across the globe by a lot of countries or at least used as the base for legislation. Since a few years as well, the Council...
  • Insider Threat of Cloud Computing

    Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real...
  • Council of Europe: We need ONE Cybercrime Convention

    As you saw from previous posts, I am at the Octopus Conference on Cooperation against Cybercrime at the moment. We had yesterday the Deputy Secretary General of the Council of Europe and one of her key statements was that different bodies (like the Council...
  • Strong Authentication and Privacy – A Contradiction in Terms?

    You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom...
  • Legal Challenges of International Business and the Cloud

    To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started...
  • The Latest Internet Explorer 0Day

    As it happens: I have been skiing last week (the weather was gorgeous) and now I am back (unfortunately) and confronted with the next Internet Explorer 0Day vulnerability, which already causes noise – in my opinion too much for the real technical problem...
  • Monitoring the Blog Hits – Live in Silverlight!

    If you are running a blog, you might most probably use one of the websites which show where your users come from – no? Like Clustrmaps, which I used for a few years. Then I found a new one, which I like much more as it gives me more information. It is...
  • Council of Europe – Octopus Conference (Cooperation against Cybercrime) – Key Messages

    I blogged on Day 1 and Day 2 but as I expected, I was unable to blog yesterday on the conference. However, let me just briefly give you my impression of the final day: The core part of this last day was a whole block on Cloud Computing. There were different...
  • ATM Skims – would you have figured them?

    I was reading two BBC articles this morning. Wow, this is scary, isn’t it? Look at the pictures below: I do not think that I would have seen that… It even has an integrated camera which is switched on, when you move the card in. That’s the original article...
  • Results of Operation b49 (Botnet Takedown)

    On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets. Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and...
  • Why it pays to be secure – Chapter 5 – I need tools!

    Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. So far, in the first 4 chapters, we have addressed...
  • This cannot be Microsoft Technology :-)

  • Want to introduce the Security Development Lifecycle? Play a Game

    I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and...
  • Run Windows 7 XP Mode on CPU’s without virtualization

    I once wanted to test Windows 7 XP Mode on my notebook or my home PC but unfortunately I failed as both CPUs do not support Hardware Assisted Virtualization (HAV). Now, we released an update for Windows 7 64bit systems to remove this requirement: Update...
  • When Security Essentials are not Microsoft Security Essentials

    It is so old: Software telling you that you are infected and that you have to install this latest security software immediately. You can bet that this then installs malware on your PC instead of cleaning it. We mentioned this problem already in the first...
  • Security Development Lifecycle – Website!

    I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through...