Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Tagged Content List
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I would leave PwC and join Microsoft, I got interesting reactions (and remember, this...
12 Jan 2012
Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
19 Oct 2011
Hackers using QR Codes to Push Malware
Always something new… As these kinds of codes are mainly used on mobile phones (or only used on mobile phones) the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware. If you use a code such as this (source: ZDnet Article referenced):...
2 Oct 2011
Update on DigiNotar
An interesting development tonight: Based on what happened with DigiNotar recently (especially with the false certificates for *.google.com), the Dutch government decided to have an official statement and in there to take over operations of the CA. The official statement (in Dutch) can be found here...
4 Sep 2011
The DigiNotar Story – So Far
I just read an article on SANS: DigiNotar breach - the story so far. To be clear: This is not a Microsoft analysis nor any official statement from us. What we have to say is in the advisory: Microsoft Security Advisory (2607712) - Fraudulent Digital Certificates Could Allow Spoofing. It just gives...
2 Sep 2011
Microsoft Malware Protection Center on Facebook and Twitter
I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun. Just a quick one: The MMPC on Facebook and Twitter. The Microsoft Malware Protection Center (MMPC) officially launched its Facebook...
28 Jul 2011
Ten Immutable Laws Of Security (Version 2.0)
You might have known the 10 Immutable Laws Of Security for quite a while. It is kind of the “collected non-technical wisdom” of what we see in security response, be it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
16 Jun 2011
Effectiveness of SecurID reduced?
It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter. To quote: While at this time we are confident that the information extracted does not enable a successful direct attack on...
18 Mar 2011
Infrastructure Planning and Design Guide for Malware Response
A new version of this guide went live – something, I think, you should look at. There is a methodology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger
20 Feb 2011
Six “New” Attack Vectors
Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried about it. But still, for targeted espionage, it...
18 Feb 2011
Fighting a Botnet
Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of...
17 Feb 2011
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make them publicly available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
2 Dec 2010
Stuxnet talks – do we listen?
Stuxnet is a severe threat – that’s something we know for sure. But if we look at it – what do we really know? What can we learn? Let’s start from the beginning. As soon as Stuxnet hit the news, it was interesting to see, what was happening. There was a ton of speculation out there about the source and...
12 Oct 2010
How to Detect a Hacker Attack
This title immediately caught my attention and probably yours as well: How to detect a hacker attack – something I definitely want to know. And then I realized that the article a) is written by a techie and b) does not really cover the attacks I am worried about most. But I will address this toward the...
30 Sep 2010
Advisory for the ASP.NET Vulnerability
We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk. Recently there was a vulnerability in ASP.NET publicly disclosed. We released an advisory and you...
19 Sep 2010
Emerging Malware Threat on Exchange
If you have not seen it, you should probably have a brief look at it. We are seeing a new worm spreading on Exchange. This worm is not exploiting a vulnerability but uses social engineering to spread. Please read our MMPC blog at Emerging Malware Issue: Visal.B or look it up in our malware encyclopedia...
10 Sep 2010
Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)
I blogged about the vulnerability which was publicly disclosed by a researcher working for Google earlier this month. In the meantime the attacks started to increase. I think that it would be important for you to look at what is going on. There is a good blog post by our malware protection center...
2 Jul 2010
10 of the Top Data Breaches of the Decade
You might have read that I ranted a little bit about the iPad data breach: Who needs a (vulnerable) iPad if you can get an nPad? and some people pushed back – which I can understand. So, to put it into perspective, I read this article this morning on the worst data breaches of the decade. An interesting...
17 Jun 2010
Vulnerability Disclosure to Compete?
As you know (I stress that fairly often), I am Swiss. The reason why I am stressing this today is that I want to give you an example on security from the Swiss market: The banks here on place compete with each other – obviously. However, I have never seen the banks competing on security. They...
11 Jun 2010
The “KHOBE – 8.0 earthquake” – What’s behind it
On different social media this article actually gets tremendous coverage: KHOBE – 8.0 earthquake for Windows desktop security software. Now, before you read the rest here, I am not an AV-specialist nor do I have very deep, deep knowledge on the details of our file system drivers and the Windows kernel...
12 May 2010
Microsoft Security Intelligence Report – What it means for EMEA
“Unfortunately” I was on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from an EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
5 May 2010
A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?
I recently came across a paper called Shadows in the Cloud, which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network, an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the...
21 Apr 2010
Hacking Incidents 2009 – Interesting Data
There is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty interesting statistics in. In order to judge...
12 Mar 2010
When Security Essentials are not Microsoft Security Essentials
It is so old: Software telling you that you are infected and that you have to install this latest security software immediately. You can bet that this then installs malware on your PC instead of cleaning it. We mentioned this problem already in the first chapters of our Security Intelligence Report v7...
1 Mar 2010
The Latest Internet Explorer 0Day
As it happens: I have been skiing last week (the weather was gorgeous) and now I am back (unfortunately) and confronted with the next Internet Explorer 0Day vulnerability, which already causes noise – in my opinion too much for the real technical problem. If you read the blog post of the Microsoft Security...
1 Mar 2010
© 2013 Microsoft Corporation.