Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

September, 2010

  • Most Popular Usernames and Passwords

    No clue what the source is but if they are right, it is scary: DRG SSH Username and Password Authentication Tag Clouds Roger
  • Advisory for the ASP.NET Vulnerability

    We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publicly...
  • Is a “Zero-Trust” Model the Silver Bullet?

    I was reading an interesting article: Forrester Pushes 'Zero Trust' Model For Security, where they mainly claim that you should not trust your internal network – something I have been asking for for a long time. However, the conclusions Forrester and me are...
  • What is More Important to You? Privacy or Safety?

    I want to start upfront: I do not want to take a position here. I have an opinion as a person in my cultural context but I understand that this opinion is by far not the only one which is right or wrong. This morning I read this article: FBI Drive for...
  • How to Detect a Hacker Attack

    This title immediately caught my attention and probably yours as well: How to detect a hacker attack – something I definitely want to know. And then I realized that the article a) is written by a techie and b) does not really cover the attacks I am...
  • Is There Any Value in Twitter? Yes? Think Again…

    I know that this is a very provocative question but it is one I have been looking into for a few months. If you follow my Twitter account, you will have realized that I dramatically reduced the number of Tweets. I currently only tweet, once I posted on my blog...
  • Data Governance in the Cloud

    If you look at current discussions between cloud providers and customers, I see it too often that the customer leaves with the impression that the Cloud fixes all their problems. In fact – it does not. Too often I see the Cloud provider telling the customer...
  • Customer Experience Study: Security Improves in the Cloud

    Last week, when I was in South Africa, a partner of ours pointed me to a very interesting paper by KPMG called Cloud computing: Australian lessons and experiences. What I like is that a lot of the items I was recently raising were actually reflected...
  • The Community is Growing

    In Off to See the World I told you that we are growing the Chief Security Advisor Community and then I updated you on the UK and Sweden. Now it is time to update you again. Just before the summer vacation, we could hire the Chief Security Advisor in...
  • The Risks of Pirated Software

    Obviously I do not like people to steal software. Additionally, from at least two perspectives it adds security risks: People are less likely to patch and pirated software often comes with pre-installed malware, which is then hard to detect. There is just...
  • Free Software for NGOs

    I would just like to forward you to a blog post by Brad Smith as of today: Anti-Piracy Enforcement and NGOs. There is one statement I would like to quote: To prevent non-government organizations from falling victim to nefarious actions taken in the guise...
  • The Risks of Unofficial Patches

    This is quite a normal scenario: A zero-day pops up on the Internet by a security researcher. Immediately afterwards we see the first exploits appearing and being integrated into the different attack tools. Now, the race started: The vendor has to develop...
  • The Future of Crime

    I was contacted by somebody who recently mailed with me on LinkedIn (the value of social networks) and who just started a website called Future Crimes, where they try to anticipate crime. There is quite some interesting content in there, which is...
  • Real Men Don’t Buy Girls

    I want to make you aware of the “Real Men” campaign to raise awareness about the problem of child sex slavery. If you can cope with it, listen to the press conference here: Watch live streaming video from cgi_press at livestream.com This is a unique partnership...
  • Interpol’s Chief’s Facebook Identity Stolen

    This is one of the risks not a lot of people look into: It is fairly easy for me to set up a Facebook account in another person’s name. This is what happened to Ronald K. Noble, head of Interpol: Interpol Chief Ronald K. Noble Has Facebook Identity Stolen...
  • Support and OpenSource

    I know that I am not an OpenSource expert and to be completely clear: I do not want to complain at all but I would definitely think whether I would bet my company’s business processes on it… Let me give you my story: March this year I migrated my blog...
  • Just Installed Internet Explorer 9 Beta

    I know – Beta versions are not for production but as I just run production, I installed it on my work machine – just now! The first good news is: My blog still works: What’s new? Well, the best is you download it from here and explore yourself. There...
  • The Pentagon’s Cybersecurity Strategy

    I often talk to governments about their Cybersecurity strategy and agenda. Sometimes I think it is extremely hard for a government official or high-ranking military person to really understand what is going on in the cyber space and what this means. It...
  • Emerging Malware Threat on Exchange

    If you have not seen it, you should probably have a brief look at it. We are seeing a new worm spreading on Exchange. This worm is not exploiting a vulnerability but uses social engineering to spread. Please read our MMPC blog at Emerging Malware Issue...
  • Windows Live Essentials 2011 available for download now

    I have been using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog. It rocks: Windows Live Essentials 2011 available for download now. Download and install! Roger
  • Infosecurity Virtual Conference

    The cloud – and now I mean the volcano cloud – showed that there is not always a real need to travel far to get the right information at an event or conference. I delivered a keynote via LiveMeeting (Virtual Keynotes – Do we always...
  • Dilbert on Piracy

    Just before I leave to Johannesburg: Dilbert on Piracy… he is soooo right Roger
  • FTC Takes Action Against Employee Bloggers

    This is interesting information: FTC Takes Action Against Employee Bloggers. I am often asked about the rules and guidelines we have internally for bloggers. One is to be transparent. Whenever I blog, tweet or comment on a blog, I am always transparent...
  • The Value of Twitter–Revisited

    Actually I had a few very interesting discussions lately as a reaction to my post Is There Any Value in Twitter? Yes? Think Again… and I think Thibaud brought it to the point: Mass-follow is the “problem” – in other words me. I had thought about getting...
  • Microsoft Security Essentials free for small businesses

    I know that this is “old news” but I wanted to make sure that everybody has seen that: We will make Microsoft Security Essentials available for small business for free. Small businesses are up to 10 PCs. This is great news as a lot of small businesses...