See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Is there a Botnet building on MS08-067 exploits?
There are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft's latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker...
8 Dec 2008
SPAM moving to SMS?
Well, I do not hope and I do not expect it to. Why? Well, mobile text messages are not free – mails are (at least kind of). Nevertheless, if the "vulnerability" is within the mobile provider, all of a sudden, SMS could become a real SPAM channel. Recently happened in China: China to Probe Online Text...
26 Mar 2008
Results of Operation b49 (Botnet Takedown)
On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets . Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the bot: But...
20 Mar 2010
Success against Cybercrime
I just read this article E-crime unit arrests suspected phishing gang , which shows that we are making progress in fighting cybercrime. Very good news Roger
7 Aug 2010
Security Advisory on the recent Internet Explorer Vulnerability
I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
15 Jan 2010
Analysis of the Estonian Attacks
I just read a paper on the political analysis of the Estonian Attack. If you are interested reading my post on my other blog (as the analysis is not really technical but interesting) there you go: Analysis of the Estonian Attacks Roger
21 May 2008
How critical are the Undersea Cables?
OK, I think I need to take this up a little bit as well. Let's look into what happened over the last few days. I think up to now we ended up with five cables cut in the Middle East. So, there are a lot of theories who was actually damaging those cables. The best one comes from WSJ J But there were...
8 Feb 2008
EISAS – European InformationSharing and Alert System – an ENISA Feasibility Study
ENISA just recently published a pretty interesting study with the title EISAS – European Information Sharing and Alert System . I think that it is definitely worth looking into Roger
8 Feb 2008
The Future of Cybercrime
If you do not know this blog, it is definitely worth looking at it from time to time: Paleo-Future . There I found a prediction on cybercrime dated 1981: It describes the impact of computers in the “future” – say today. If you click on the picture, you can see the original. There is a good quote in there...
11 Aug 2010
How to Hack Windows Vista
No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html . I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security...
27 May 2008
Spying on Smartphones
I was recently at an event for Law Enforcement where one of the discussion points was how critical it is to protect Smartphones – actually it was more about how easy to would be to claim that my Smartphone was hacked and how proof can be found. That you should run Anti-Malware software on phones, is...
26 Dec 2008
Selling Vulnerabilities and Ethics
Shoaib just blogged on Hacking & Security Community - Ethical or Unethical? . To start with: I do not claim that I know all about ethics and that there is only one view on ethics but I have a clear view on certain things. I blogged on this theme several times already and made my points pretty clear...
18 May 2008
Update on our Piracy Strategy - Important Changes to WGA
From time to time people ask me about piracy and security. Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA , the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the...
4 Dec 2007
Support for Law Enforcement and COFEE
Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
14 May 2008
Storm coming back?
I just read first reports that Storm is coming back as we speak. This is frightening but shows the power and possibilities of the criminals as well. I have no information yet how bad it looks like, just read the following report: The Storm Worm would love to infect you Roger
20 May 2008
What is more important: Security or Privacy?
This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that actually violate the privacy laws in Europe. So...
17 Jan 2008
Security not only a Microsoft problem – iPhone finally rooted
It was to be expected – not because Apple built bad security in their iPhone, I am definitely not in the position to judge, but because it was going to happen. Any software product is going to have vulnerabilities as a matter of fact. The more attractive a device or a piece of software is, the more likely...
23 Jul 2007
How to Build a Bomb
Well, only partly. I commented several times already about WabiSabiLabi. I especially like their statement "closer to zero risk". At the moment there is an SAP vulnerability at stake. It is initially priced on €4'000. If you read their blog, Focus on: SAP MaxDB remote code execution , it seems to be...
12 Dec 2007
Targeted Attacks – the “Real” Problem
When I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker etc.) are a serious problem but at least one we see, one we understand and one we can fight (because we see and understand it). However...
5 Feb 2010
Technology in the Mumbai Attacks
One of the questions I often get is my position on Cyber-Terrorism. I doubt that there will be “isolated” technology-related terrorism. What we see much more is the use of high-tech during classical terrorism attacks. If you look at the recent terrorism events in Mumbai, there was some pretty interesting...
2 Dec 2008
How long does it take to hack a Power Plant?
I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler telling the audience that they had the job to do...
14 Apr 2008
SANS Top 25 Most Dangerous Programming Errors – the same as very often…
I just worked my way through the list SANS published . Looking at the list it is not surprising but scary to see which errors made it to the top of the list: Cross-site Scripting SQL Injection Classic Buffer Overflow Cross-Site Request Forgery Improper Access Control It shows as we often say that the...
17 Feb 2010
ATM Skims – would you have figured them?
I was reading two BBC articles this morning. Wow, this is scary, isn’t it? Look at the pictures below: I do not think that I would have seen that… It even has an integrated camera which is switched on, when you move the card in. That’s the original article: Would You Have Spotted the Fraud? and there...
17 Mar 2010
The Economy of Cyber-Crime
Since quite some time as Chief Security Advisor, I am working to support Law Enforcement. We are supplying training, giving technical support as needed and are staying in close contact as well as soon as we decide to file a criminal complaint. This happens especially if we are phished (we being Hotmail...
23 Aug 2007
What can you do if you are a victim of e-crime?
I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers to a lot of questions like those and offers...
21 Jan 2008
© 2014 Microsoft Corporation.
Privacy & Cookies