Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: Is there a Botnet building on MS08-067 exploits?

    There are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft's latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker...
  • Blog Post: Ethisphere Institute: Microsoft amongst the world’s most ethical companies

    Forbes posted: The World's Most Ethical Companies . I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity...
  • Blog Post: Announcing the Exploitability Index

    At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability...
  • Blog Post: Results of Operation b49 (Botnet Takedown)

    On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets . Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the bot: But...
  • Blog Post: File Classification Infrastructure: More content

    At the Analyst Event last week I was asked more than once about the File Classification Infrastructure. As it was something I never looked into the details, I started from the blog post I wrote mid May File Classification Infrastructure in Windows Server 2008 R2 and just wanted to collect some information...
  • Blog Post: SDL and End to End Trust

    Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it J Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other way around). It might be interesting for you to...
  • Blog Post: Look at the Enhanced Mitigation Evaluation Toolkit

    Recently we announced the availability of the Enhanced Mitigation Evaluation Toolkit. This is a toolkit which makes it easier to defend your application on different levels – free of charge. Read the post done by our Security Research and Defense guys: Announcing the release of the Enhanced Mitigation...
  • Blog Post: Google Chrome and Silent Patching

    This morning I opened one of the Swiss Sunday newspapers and Google Chrome made it to the front-page with a “best practice approach” for deploying security updates. In the article itself it was claimed that Chrome is one of the best browsers with regards to security as the deploy patches silently, without...
  • Blog Post: Identity in the Cloud

    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
  • Blog Post: Want to introduce the Security Development Lifecycle? Play a Game

    I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and want to re-enforce the message, look at that Elevation...
  • Blog Post: Spotlight – The coolest online event platform

    You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight . But now let's really talk about Spotlight...
  • Blog Post: One year free anti-malware and what we learned

    An year ago we launched Microsoft Security Essentials . I remember the day as I was looking at the Twitter stream to see the overall reactions and they were simply great! Further on, when I travelled, the main complaint I heard in some countries was: “Why do we not have it?” and it is a fair question...
  • Blog Post: Update on our Piracy Strategy - Important Changes to WGA

    From time to time people ask me about piracy and security. Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA , the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the...
  • Blog Post: Security and Usability

    It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill the business...
  • Blog Post: Support for Law Enforcement and COFEE

    Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
  • Blog Post: Insight into IPSec

    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
  • Blog Post: Worldwide Chief Security Advisor Meeting

    I know that I have been very, very quiet over the last two weeks. The reason was, that the worldwide Chief Security Advisors met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain selected products and share the worldwide experience with our product...
  • Blog Post: Video on Microsoft’s Datacenter

    A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
  • Blog Post: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

    You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
  • Blog Post: The Debate on Security Metrics

    Recently I was sitting on a panel which was pretty heterogeneous: There was a representative from IBM (actually from former ISS), customers, a representative from the Open Source community (who actually, during his presentation always said how bad our security is) – well, and me. In order to have some...
  • Blog Post: Join the Windows 7 and Internet Explorer 8 Security Baselines Beta

    The day before yesterday we opened the Windows 7 and Internet Explorer 8 Security Baselines Beta and would look forward to getting your feedback and comment. So, sign up for it if you are interested: Sign-Up Now for the New Windows 7 and Internet Explorer 8 Security Baselines Beta Opening July 13th!...
  • Blog Post: Windows Live Essentials 2011 available for download now

    I am using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog. It rocks: Windows Live Essentials 2011 available for download now Download and install! Roger
  • Blog Post: The “KHOBE – 8.0 earthquake” – What’s behind it

    On different social media this article actually gets tremendous coverage: KHOBE – 8.0 earthquake for Windows desktop security software . Now, before you read the rest here, I am not an AV-specialist nor do I have very deep, deep knowledge on the details of our file system drivers and the Windows kernel...
  • Blog Post: Why it pays to be secure - Introduction

    Henk van Roest, our EMEA Security Program Manager is running a pretty successful internal blog. Before summer vacation he started a series called “Why it pays to be secure” which I think has some great information in it. I asked him then to go public with it but he told me that he is not doing this kind...