See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Compatability & Converters
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Scam Awareness Month in the UK
I guess you know Get Safe Online in the meantime. They are publishing a lot of good and insightful information. Now, they collaborate with the Office of Fair Trading in the UK for a Scam Awareness Month. Again, there is a log of excellent information on the web for you to look at: Get Safe Online Blog...
16 Feb 2009
The Value of Operating System Comparisons
Since Blaster/Slammer, namely since the start of Trustworthy Computing I am working at Microsoft in a publically facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted there and still do today that security was not a...
17 Nov 2007
Common Criteria and answering the “real” questions
It seems that I am not yet gone J . Eric Bidstrup, a colleague of mine, wrote a great blog post about Common Criteria, where it does a pretty good job and where it fails. Basically he claims – and I could not agree more – that the customer "only" wants to know whether the operating system "is safe"....
28 Dec 2007
SAFECode: Writing Secure Code – learning from each other
During RSA Europe an industry forum called SAFECode ( S oftware A ssurance F orum for E xcellence in C ode) was announced " to identify and share software assurance best practices, promote broader adoption of such practices into the cyber ecosystem, and work with governments and critical infrastructure...
2 Nov 2007
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this...
12 Jan 2012
Cyber Security: The Road Ahead
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed...
14 Apr 2011
A Detailed Analysis of an Attack – Do We Need an International Incident Sharing Database?
I recently came across a paper called Shadows in the Cloud , which is actually a follow-up report of Tracking GhostNet: Investigating a Cyber Espionage Network , an investigation of the attacks on the office of the Dalai Lama and some governmental bodies. The report is written by two bodies who had the...
21 Apr 2010
Get Safe Online: Don’t be a Money Mule
You know, there are people who blog late, there are people who blog very late and then there is me… I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I usually blog on it. As...
4 Dec 2009
Open Source and Hackers
The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the value of such debate. ...
9 Jun 2010
Cloud Security in Office365
You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private. cloud. If not, here it is: Security Considerations in a Private Cloud To complete the series now, we released an additional paper on how...
15 Jul 2011
Digital Phishnet Conference 2007
Last week the first Digital Phishnet Conference in Europe took place in Berlin. Basically Digital Phishnet is an initiative to help to exchange information about Phishing-Sites in order to help enforcement. This is the core mission: Supporting Law Enforcement with information. So the participants are...
17 Jun 2007
Cooperation against Cybercrime- Octopus Conference
lt is time again! The Council of Europe Octopus Conference on Cooperation against Cybercrime is taking place this week. This year it is even the 10th anniversary of the Budapest Convention. Therefore a broad country of legal, law enforcement and private sector organizations are discussing the current...
21 Nov 2011
© 2014 Microsoft Corporation.
Privacy & Cookies