Skype for Business
See all products »
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2014 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
Microsoft Official Courses On-Demand
MCSA: Windows 10
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Fighting Crime and Protecting Privacy–a Contradiction?
I was reading an article today called Does Your ISP Care About Protecting Your Privacy? . An interesting question. The ISPs in the article are even thinking of VPNing all the traffic to avoid the necessity for keeping the logs (or probably better, NATing the whole network). So it seems that the ISPs...
2 Feb 2011
Phishing still very effective: 35 cards in 5 hours
I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours . They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same date...
27 Jan 2011
Conclusion on UNODC: Open Ended Expert Group on Cybercrime
I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime , which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long political debates...
20 Jan 2011
Interpol’s Chief’s Facebook Identity Stolen
This is one of the risks, not a lot of people look into: It is fairly easy for me to setup a Facebook account in another person’s name. This is what happened to Ronald K. Noble, head of Interpol: Interpol Chief Ronald K. Noble Has Facebook Identity Stolen . Roger
20 Sep 2010
Cybercrime: A Recession-Proof Growth Industry
That’s obvious as people probably tend to want to trust more, the worse their situation is. Nevertheless it is even more disgusting going after the desperate! Cybercrime: A Recession-Proof Growth Industry Roger
9 Feb 2011
Hackers using QR Codes to Push Malware
Always something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware . If you use a code such as this (source: ZDnet Article referenced):...
3 Oct 2011
Publishing Secret or Sensitive Information
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not...
30 Nov 2010
Mutual Authentication in Real Life–Launching a Nuclear Missile…
A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university, which we wanted to use as observers was, whether...
30 Mar 2011
The Future of Crime
I was contacted by somebody who recently mailed with me on LinkedIn (the value of social networks ) and who just started a website called Future Crimes , where they try to anticipate crime. There is quite some interesting content in there, which is definitely worth reading. However, to me it is not...
14 Sep 2010
Are We Losing the Fight Against Cybercrime?
It is an interesting and difficult question. What can we do to really be able to stay on top? Or shall we give up? Well, clearly, I do not think so. I read this article today, which really made me think: Black Hats are Winning, Symantec Says – wow! A fairly clear statement. We lost (at least...
17 Aug 2010
Attacks on Application Level
That the attacks move up the stack is really nothing new. However, it increases the challenge to secure your environment as you have to take Patch Management all the way. I blogged on that several times already e.g.: Patch Management, a key step towards compliance! Patch Management – Cover the whole...
18 Jan 2011
The Risk of Blogging
Steve Ballmer was once asked by a journalist whether and why he allows blogging by Microsoft employees, without any approval process. His answer was that he lets Microsoft employees talk to customers without approval process as well (at least that’s the story which was told ). You know that I am a big...
24 Aug 2010
What it takes to shut down a botnet
It hits the press from time to time that somebody was successful taking down a botnet. We had some success as well with the Waledac Botnet Takedown . There is actually a good article on What it takes to shut down a botnet . When I was doing some bing-search on the botnet takedowns, I found good work...
2 Sep 2010
Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)
I blogged about the vulnerability which was publically disclosed by a researcher working for Google earlier this month . In the meantime the attacks started to increase. I think that it would be important for you to look at what is going on. There is a good blog post by our malware protection center...
2 Jul 2010
Six “New” Attack Vectors
Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks : I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for targeted espionage, it...
18 Feb 2011
Targeted Attacks: The Biggest Risk in 2011?
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to fight! Roger
3 Jan 2011
Less Spam? Another Successful Botnet Takedown!
Our Digital Crimes Unit just took down another one: After Rustock and Waladec, now comes Kelihos. This is another great success in fighting criminals. If you want to read more: Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case Roger
28 Sep 2011
Libya Violence Exploited by Scammers
It is a repeating pattern but not the less disgusting. Whenever bad things happens on the globe, the criminals are not far. This happened during hurricane Katrina, the tsunami in Indonesia, the earthquake in Haiti and now, not surprisingly in Libya as you can read in this blog post by Sophos: Violence...
28 Feb 2011
The Wild West on the Internet… A Crime Story
A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger
10 Feb 2011
© 2016 Microsoft Corporation.
Privacy & Cookies