Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Is there a Botnet building on MS08-067 exploits?

    There are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft's latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker...
  • Blog Post: Announcing the Exploitability Index

    At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability...
  • Blog Post: Conficker and Microsoft Anti-Malware Software

    I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment. The comment first: There were some discussions about our Anti-Malware solution. We had protections in all our products...
  • Blog Post: HP confirms vulnerabilities on 82 Laptop models.

    Remember this post OEMs: Join in to "Secure by Default" ? I wrote it in June… Now, HP just confirmed a vulnerability in their software delivered on 82 laptop models on all the different Windows versions: HP Quick Launch Buttons Critical Security Update What about the Security Development Lifecycle...
  • Blog Post: Security Advisory on the recent Internet Explorer Vulnerability

    I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
  • Blog Post: How critical are the Undersea Cables?

    OK, I think I need to take this up a little bit as well. Let's look into what happened over the last few days. I think up to now we ended up with five cables cut in the Middle East. So, there are a lot of theories who was actually damaging those cables. The best one comes from WSJ J But there were...
  • Blog Post: How to Hack Windows Vista

    No, no. For sure. I am not going to give you advise how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html . I am always amazed about these kind of videos, which still surprise people. If look years back, we published the 10 Immutable Laws of Security...
  • Blog Post: Why Apple has to fix the Safari flaw

    Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to responsible disclosure of vulnerabilities: And then, what does the vendor do with it? Does the company act on it? Now, we can debate on what a vulnerability is and what not. Personally I am convinced...
  • Blog Post: Infrastructure Planning and Design Guide for Malware Response

    A new version of this guide went live – I think something, you should look at. There is a methodology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger
  • Blog Post: Ten Immutable Laws Of Security (Version 2.0)

    You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom” of what we see in security respeonse being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
  • Blog Post: Armored truck robber uses Craigslist to make getaway

    This is really clever (sounds like Hollywood but it seems to be real): In a move that could be right out of a Hollywood movie, a brazen crook apparently used a Craigslist ad to hire a dozen unsuspecting decoys to help him make his getaway following a robbery outside a bank on Tuesday. He then made...
  • Blog Post: Storm coming back?

    I just read first reports that Storm is coming back as we speak. This is frightening but shows the power and possibilities of the criminals as well. I have no information yet how bad it looks like, just read the following report: The Storm Worm would love to infect you Roger
  • Blog Post: Security not only a Microsoft problem – iPhone finally rooted

    It was to be expected – not because Apple built bad security in their iPhone, I am definitely not in the position to judge, but because it was going to happen. Any software product is going to have vulnerabilities as a matter of fact. The more attractive a device or a piece of software is, the more likely...
  • Blog Post: The “successful” attack on Cardspace

    I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
  • Blog Post: The Potential of Misinformation on the Web

    I am blogging, I am on Twitter , I have a Facebook-Account and many others. I am not always completely clear what the real business model and value of all the tools are but basically there is a lot of fun in it. Additionally information flows much faster and everybody has the possibility to express himself...
  • Blog Post: Targeted Attacks – the “Real” Problem

    When I talk to customers, the different attacks are often something we discuss (obviously). I often mention that Virus and Worm attacks on a broad scale (like Conficker etc.) are a serious problem but at least one we see, one we understand and one we can fight (because we see and understand it). However...
  • Blog Post: The Windows 7 UAC “Vulnerability”

    It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. ...
  • Blog Post: Microsoft Malware Protection Center on Facebook and Twitter

    I know, I have been fairly slow in blogging currently but I was fairly busy with a few cool projects (which I will disclose later) and – time flies if you are having fun Just a quick one: The MMPC on Facebook and Twitter The Microsoft Malware Protection Center (MMPC) officially launched its Facebook...
  • Blog Post: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

    You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
  • Blog Post: SANS Top 25 Most Dangerous Programming Errors – the same as very often…

    I just worked my way through the list SANS published . Looking at the list it is not surprising but scary to see which errors made it to the top of the list: Cross-site Scripting SQL Injection Classic Buffer Overflow Cross-Site Request Forgery Improper Access Control It shows as we often say that the...
  • Blog Post: The “KHOBE – 8.0 earthquake” – What’s behind it

    On different social media this article actually gets tremendous coverage: KHOBE – 8.0 earthquake for Windows desktop security software . Now, before you read the rest here, I am not an AV-specialist nor do I have very deep, deep knowledge on the details of our file system drivers and the Windows kernel...
  • Blog Post: The recent IIS Attacks

    There has been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has publised a post on it: Questions about Web Server Attacks Roger
  • Blog Post: New Information on SQL Injection Attacks

    I just wanted to make sure that you have seen the Advisory ( Rise in SQL Injection Attacks Exploiting Unverified User Data Input ) where we added some additional information. This is especially important as we did not "only" publish guidance but tools as well: Detection – HP Scrawlr (a free scanner...
  • Blog Post: Security Risks in the Supply Chain?

    At the moment I am travelling through the Gulf in order to launch the Security Intelligence Report v5 with local data. During one of the discussions today, a question was raised which I was thinking about quite some while (but – honestly - do not have an answer yet): How do you manage the risks in your...
  • Blog Post: Microsoft Security Intelligence Report – What it means for EMEA

    “Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...