Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

January, 2011

  • Real Physical Security

    I saw this this morning – have a great weekend: Roger
  • UNODC: Open Ended Expert Group on Cybercrime

    From tomorrow on, UNODC invited for an Open Ended Expert Group on Cybercrime in Vienna. I am really interested in seeing how these discussions will go. If – by any chance – you are there as well, please ping me and we will have a chat. Otherwise, I will...
  • Phishing still very effective: 35 cards in 5 hours

    I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture...
  • How to Build a CERT

    Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The question then always comes up: How do you do that? ENISA...
  • Dilbert on Cloud Computing

    The worst thing is, that there is some truth in that: At least, this is what I see often, before I talk to customers Roger
  • Cybercrime as a Service–Our Future?

    It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way back,...
  • Conclusion on UNODC: Open Ended Expert Group on Cybercrime

    I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime, which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion...
  • Moving Blogs

    Quite a while ago, I started a second blog outside our technet site. One of the reasons was that I realized that a lot of people who are interested in the policy, political, process dimension of security do not read a blog on technet as it is the environment...
  • Are You Focused On The Wrong Security Risks?

    There is a good article on CIO Central: Are You Focused On The Wrong Security Risks? An interesting discussion and I partly agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk...
  • Moving my blog!!

    Well, I will continue to announce this, until I see the hit rate decline. At the moment, I am running two blogs. This one and the one on http://www.halbheer.info/security which both contain more or less the same content. I am still planning to move over...
  • From the Inside: Our CISO on Cloud Security

    You are worried about compliance and risks in the cloud? Well, listen to our CISO and see his views: The promise of cloud computing is great and yet this new computing paradigm presents new challenges in the area of information security. In this session...
  • Exciting News from the Consumer Electronics Show in Vegas

    After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements: Or directly from the CES webpage. Roger
  • Targeted Attacks: The Biggest Risk in 2011?

    Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears. I think that this is a real issue and very hard to fight! Roger
  • Blocking Social Media–What is Your View?

    If you are reading my blog posts regularly, you might have seen that I am not a big friend of blocking social media at the edge. When I talk with customers about why they are blocking it, I usually get these types of answers: People are spending...
  • Attacks on Application Level

    That the attacks move up the stack is really nothing new. However, it increases the challenge to secure your environment as you have to take Patch Management all the way. I blogged on that several times already e.g.: Patch Management, a key step towards...