Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Tagged Content List
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
12 Jan 2012
Council of Europe Octopus Conference- Some Thoughts
l am still sitting in the parliament room of the Council of Europe at the celebration event for the Budapest Convention. It was another very good event advancing the challenges fighting Cybercrime. Let me try to summarize a few thoughts: The Budapest Convention is probably the best convention out there...
23 Nov 2011
VeriSign to Take Down Malware Sites?
This is actually an interesting approach: VeriSign Proposes Takedown Procedures and Malware Scanning for .Com . This leads to the discussion I have so often: What is more important? The single website or the greater good? Now, do not get me wrong: I see the risks of VeriSign taking down microsoft.com...
12 Oct 2011
German’s Government-Created Trojan Vulnerable
It is not that rare for Law Enforcement that they use software to spy in the case of severe accusations like terrorism. What is kind of surprising is the level of sophistication some of these Trojans seem to have – and not necessarily to the good side. The German Chaos Computer Club analyzed the Trojan...
11 Oct 2011
Hackers using QR Codes to Push Malware
Always something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware . If you use a code such as this (source: ZDnet Article referenced):...
2 Oct 2011
Less Spam? Another Successful Botnet Takedown!
Our Digital Crimes Unit just took down another one: After Rustock and Waladec, now comes Kelihos. This is another great success in fighting criminals. If you want to read more: Microsoft Neutralizes Kelihos Botnet, Names Defendant in Case Roger
28 Sep 2011
Lessons from Some of the Least Malware Infected Countries in the World
Over the course of the last few years we have seen some countries having constantly low infection rates. So, our team in Trustworthy Computing started to ask the question why this is the case. The countries are Austria, Finland, Germany and Japan. I think it is worth y look at them: Part 1: Introduction...
15 Sep 2011
Special Intelligence Report on the Rustock Takedown
As you might remember, on Match 16th Microsoft together with other industry players was successfully able to take down the Rustock botnet and thus significantly reducing the spam level. We now just published a special Intelligence Report on this botnet: Read an overview of the Win32/Rustock family of...
6 Jul 2011
Facebook Implements Microsoft’s PhotoDNA Technology
This is actually a great development to fight Child Porn: Facebook adopts PhotoDNA and joins Microsoft and The National Center for Missing & Exploited Children to disrupt the proliferation of online child exploitation. You find the information here . Roger
20 May 2011
Cyber Security: The Road Ahead
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed...
14 Apr 2011
Effectiveness of SecureID reduced?
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter . To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on...
18 Mar 2011
Fraud via Phone on the Raise
FTC released their Consumer Sentinel Network Data Book for January – December 2010 . The interesting and scary thing is that fraud via phone is on the raise. We get more and more complaints by customers as well, telling us that they got a call from “Microsoft” with the ask for getting access to the PC...
10 Mar 2011
10 Tough Botnet Questions
Botnets are one of the toughest problems in the world of Cybercrime today. At least, this is what we think… ENISA just published an interesting paper called Botnets: 10 Tough Questions , which raise questions about e.g. the size of botnets or better the way the size is estimated etc. Basically the 10...
8 Mar 2011
Libya Violence Exploited by Scammers
It is a repeating pattern but not the less disgusting. Whenever bad things happens on the globe, the criminals are not far. This happened during hurricane Katrina, the tsunami in Indonesia, the earthquake in Haiti and now, not surprisingly in Libya as you can read in this blog post by Sophos: Violence...
28 Feb 2011
Six “New” Attack Vectors
Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks : I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for targeted espionage, it...
18 Feb 2011
The Wild West on the Internet… A Crime Story
A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger
10 Feb 2011
How much it takes to get on the No-Fly List
I questioned the value of No-Fly lists since quite a while as I read all these story about how people get on the list but this is kind of the strangest story I ever heard. A UK Immigration officer put his own wife on the No-Fly list as he wanted her to stay in the US – their marriage was kind of challenged...
6 Feb 2011
Phishing still very effective: 35 cards in 5 hours
I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours . They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in picture). The latest registered access was on the same date...
27 Jan 2011
Conclusion on UNODC: Open Ended Expert Group on Cybercrime
I told you that I will attend the UNODC: Open Ended Expert Group on Cybercrime , which is now slowly coming to an end. Let me draw a few conclusions on the meeting. It was not the first UN meeting I attended and – depending on the audience – the discussion can easily result an long political debates...
20 Jan 2011
Attacks on Application Level
That the attacks move up the stack is really nothing new. However, it increases the challenge to secure your environment as you have to take Patch Management all the way. I blogged on that several times already e.g.: Patch Management, a key step towards compliance! Patch Management – Cover the whole...
18 Jan 2011
Targeted Attacks: The Biggest Risk in 2011?
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to fight! Roger
3 Jan 2011
Publishing Secret or Sensitive Information
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not...
30 Nov 2010
Turkey signed Cybercrime Convention
We are huge supporter of the Convention on Cybercrime by the Council of Europe . The reason for this is that we are convinced that there is a need of a certain level of harmonization across the Globe regarding cybercrime laws. Today I learned, that Turkey signed the convention yesterday. This is a great...
11 Nov 2010
Stuxnet talks – do we listen?
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
12 Oct 2010
Responsibility of ISPs for the ecosystem?
If you like Scott Chaney's suggestion he made at ISSE this week called Collective Defense - Applying Public Health Models to the Internet he raised very good points about the different roles the participants in the Internet Health Ecosystem have to play. Into that, the following article fits in fairly...
6 Oct 2010
Page 1 of 6 (129 items)
© 2013 Microsoft Corporation.
Privacy & Cookies