Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Infrastructure Planning and Design Guide for Malware Response

    A new version of this guide went live – I think something, you should look at. There is a methodology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger
  • Blog Post: Ten Immutable Laws Of Security (Version 2.0)

    You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom” of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
  • Blog Post: Microsoft Malware Protection Center on Facebook and Twitter

    I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun Just a quick one: The MMPC on Facebook and Twitter The Microsoft Malware Protection Center (MMPC) officially launched its Facebook...
  • Blog Post: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

    You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
  • Blog Post: Fighting a Botnet

    Microsoft Malware Protection Center published a document on Battling the Zbot Threat , a special edition of the Security Intelligence Report . It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of...
  • Blog Post: 10 Years of Trustworthy Computing at Microsoft

    Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
  • Blog Post: Security Updates and Exploit Code

    In our last update cycle we published the security bulletin MS12-020 Vulnerabilities in Remote Desktop Could Allow Remote Code Execution . Relatively soon after the release, there was a public exploit code available - we informed here: Proof-of-Concept Code available for MS12-020 . This would not necessarily...
  • Blog Post: Microsoft Security Update Guide, Second Edition

    A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk See how to mitigate security risks Understand...
  • Blog Post: Cyber Security: The Road Ahead

    This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed...
  • Blog Post: Stuxnet talks – do we listen?

    Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
  • Blog Post: Advisory for the ASP.NET Vulnerability

    We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you...
  • Blog Post: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response

    A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset . It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
  • Blog Post: Keep all your software updated and current

    I know that I keep going and going on that. When I talk to customers and mainly to providers of the critical infrastructure about security, one of the key things to me is to keep the software updated. It is about patching and it is about staying on the latest version of your software. To me, today Windows...
  • Blog Post: How to Detect a Hacker Attack

    This title immediately caught my attention and probably yours as well: How to detect a hacker attack – something I definitely want to know. And then I realized that the article a) is written from a techie and b) does not really cover the attacks I am worried of most. But I will address this toward the...
  • Blog Post: Six “New” Attack Vectors

    Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks : I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for targeted espionage, it...
  • Blog Post: How to Deal With Vulnerabilities

    This is always a fairly emotional theme. What is better to protect the ecosystem? Public or private disclosure? Should somebody paying for vulnerabilities or not? Is a vulnerability auction ethical or not? I know that there are numerous views on that and I do not want to debate them here and now. What...