Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Tagged Content List
Internet Explorer aces security test as Google faces accusations
I mean, I obviously like this article: Internet Explorer aces security test as Google faces accusations as it has a nice quote to start with: Internet Explorer 9 should be the go-to browser for organizations concerned about protecting machines from malicious downloads, according to a new study from NSS...
10 Feb 2012
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very...
22 Dec 2011
Implementing the Top 4 Defense Strategies
The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies: Patch Applications; Patch the Operating System; Minimize the use of local admin; Application whitelisting; … Looking at these 35 strategies...
13 Dec 2011
Microsoft Security Compliance Manager 2 ready for download
If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
25 Oct 2011
EMET–Protection Against Zero-Days
The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going...
23 Oct 2011
Moving from Linux to Windows
I know, that’s the second time now I am doing this comparison thingy and I promise that I will stop again and deliver you a cool tool as the next post but I read this article: Why I’ve finally had it with my Linux server and I’m moving back to Windows – be sure that you read the comments. To me they...
21 Oct 2011
Comparing Windows Phone 7 and iPhone
Well, I have to admit – I am biased. I never used an iPhone in my life and based on my experience with my iPod, I hope I never have to, but who knows. I really do not like the UI which – to me – is everything but user friendly and the worst thing with iPhone is iTunes. Whenever iTunes starts to download...
20 Oct 2011
Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset...
19 Oct 2011
Cloud Security in Office365
You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private cloud. If not, here it is: Security Considerations in a Private Cloud. To complete the series now, we released an additional paper on how...
15 Jul 2011
How Microsoft Uses File Classification Infrastructure
Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2; File Classification Infrastructure: More content. In my opinion, this is an interesting tool, built into your server platform. Now, we just...
8 Jun 2011
A Security Comparison: Microsoft Office vs. Oracle Openoffice
Actually, there is not much to say about this. It is a blog post by Carnegie Mellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only...
19 Apr 2011
Windows 7 and Windows Server 2008 R2 CC EAL4+ Certified
On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+. Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate. A great job by the team – congratulations! Roger
1 Apr 2011
Kinect Sensor For Autonomous Flight
That’s really interesting: Impressive! Roger
31 Mar 2011
Security in IE9
You know that we are trying to get rid of outdated versions of IE like IE6: IE6 Countdown–Migrate to IE8 (or IE9) – as we released IE9 to the web, it is not about moving to IE8 or IE9 but moving to Internet Explorer 9. If you want to know more about IE9 security, here you go: Security in Internet Explorer...
23 Mar 2011
IE6 Countdown–Migrate to IE8 (or IE9)
10 years ago a browser was born. Its name was Internet Explorer 6. Now that we’re in 2011, in an era of modern web standards, it’s time to say goodbye. We all know that Internet Explorer 6 is outdated and that you should move away from it to a newer browser immediately. For security...
8 Mar 2011
Internet Explorer 9, Release Candidate available
You might have seen it: IE9 RC is now ready for download. I have been using IE9 for quite a while and it really, really rocks. Install it from here. Roger
10 Feb 2011
On the effectiveness of DEP and ASLR
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key takeaways: DEP and...
9 Dec 2010
Mitigating the use of Local Admin
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article on how to do it. I wanted to make sure you can see this as well. So, this is a guest blog. General Goals of Strategic Desktop Deployment...
5 Dec 2010
Information Security Management System for Microsoft Cloud Infrastructure
Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Information Security Management System program for Microsoft's Cloud Infrastructure...
19 Nov 2010
Basic Malware Protection for Free?
It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well… However, it seems that not everybody is happy… Security...
15 Nov 2010
Hotmail now with full-session SSL
If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger
11 Nov 2010
Who needs a (vulnerable) iPad if you can get an nPad?
I actually wanted to show nPad to you as I loved it – it is a new hardware factor to what we did for years on the tablet. I like this new hardware (see below) and then read this article, showing that Apple got hit fairly hard this week by a vulnerability in iPad: Apple's Worst Security Breach...
11 Jun 2010
Identity in the Cloud
Kim Cameron, one of our key identity architects, had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
25 May 2010
Update on the Khobe “vulnerability”
Just an update on my recent post on The “KHOBE – 8.0 earthquake” – What’s behind it. In the meantime we worked with Matousec and confirmed that neither Microsoft Security Essentials nor Forefront Client Security are affected by this “vulnerability”. So, to me it is as I stated above: Make noise...
13 May 2010
Virtual Keynotes – Do we always have to travel?
The week before the last one, it happened to me – like it happened to thousands of other travelers all across the globe: I got stranded. Luckily for me I should have been flying out from home rather than flying home and being “stuck” at home is much easier to handle :-) At least for me. I was actually to...
4 May 2010
© 2013 Microsoft Corporation.