Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags

Browse by Tags

TechNet Blogs » Roger's Security Blog » All Tags » microsoft
Related Posts

  • Blog Post: Is there a Botnet building on MS08-067 exploits?

    rhalbheer
    There are a lot of reports on a Botnet building on the back of exploits targeting MS08-067: New Windows worm builds massive botnet MS08-067 Vulnerability: Botnets Reloaded Bots exploiting Microsoft's latest RPC flaw Exploit-MS08-067 Bundled in Commercial Malware Kit Time for forced updates? Conficker...
    on 8 Dec 2008

  • Blog Post: Ethisphere Institute: Microsoft amongst the world’s most ethical companies

    rhalbheer
    Forbes posted: The World's Most Ethical Companies . I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity...
    on 23 Mar 2011

  • Blog Post: Announcing the Exploitability Index

    rhalbheer
    At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability...
    on 6 Aug 2008

  • Blog Post: Results of Operation b49 (Botnet Takedown)

    rhalbheer
    On February 24th we announced the work we did on taking down Waledac – read Tim Cranton’s blog post called Cracking Down on Botnets . Now it is time to look back and try to understand what we learned so far. sudosecure traces the Waledac infections and give a good view of new infections by the bot: But...
    on 20 Mar 2010

  • Blog Post: File Classification Infrastructure: More content

    rhalbheer
    At the Analyst Event last week I was asked more than once about the File Classification Infrastructure. As it was something I never looked into the details, I started from the blog post I wrote mid May File Classification Infrastructure in Windows Server 2008 R2 and just wanted to collect some information...
    on 29 Jun 2009

  • Blog Post: SDL and End to End Trust

    rhalbheer
    Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it J Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other way around). It might be interesting for you to...
    on 17 Apr 2008

  • Blog Post: Look at the Enhanced Mitigation Evaluation Toolkit

    rhalbheer
    Recently we announced the availability of the Enhanced Mitigation Evaluation Toolkit. This is a toolkit which makes it easier to defend your application on different levels – free of charge. Read the post done by our Security Research and Defense guys: Announcing the release of the Enhanced Mitigation...
    on 29 Oct 2009

  • Blog Post: Google Chrome and Silent Patching

    rhalbheer
    This morning I opened one of the Swiss Sunday newspapers and Google Chrome made it to the front-page with a “best practice approach” for deploying security updates. In the article itself it was claimed that Chrome is one of the best browsers with regards to security as the deploy patches silently, without...
    on 11 May 2009

  • Blog Post: Identity in the Cloud

    rhalbheer
    Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
    on 25 May 2010

  • Blog Post: Microsoft Security Compliance Manager 2 ready for download

    rhalbheer
    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog ). Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator...
    on 25 Oct 2011

  • Blog Post: Want to introduce the Security Development Lifecycle? Play a Game

    rhalbheer
    I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and want to re-enforce the message, look at that Elevation...
    on 22 Mar 2010

  • Blog Post: Spotlight – The coolest online event platform

    rhalbheer
    You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight . But now let's really talk about Spotlight...
    on 1 Nov 2007

  • Blog Post: One year free anti-malware and what we learned

    rhalbheer
    An year ago we launched Microsoft Security Essentials . I remember the day as I was looking at the Twitter stream to see the overall reactions and they were simply great! Further on, when I travelled, the main complaint I heard in some countries was: “Why do we not have it?” and it is a fair question...
    on 1 Oct 2010

  • Blog Post: Update on our Piracy Strategy - Important Changes to WGA

    rhalbheer
    From time to time people ask me about piracy and security. Let's start with piracy first. If you look at the 2007 Global Piracy Study by BSA , the numbers are frightening. Looking at EMEA, it starts with Moldova on 94% pirated software to Denmark with 25% (which is still every fourth copy!) - the...
    on 4 Dec 2007

  • Blog Post: Security and Usability

    rhalbheer
    It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill the business...
    on 26 Nov 2009

  • Blog Post: Support for Law Enforcement and COFEE

    rhalbheer
    Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
    on 14 May 2008

  • Blog Post: Insight into IPSec

    rhalbheer
    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
    on 27 Dec 2007

  • Blog Post: Worldwide Chief Security Advisor Meeting

    rhalbheer
    I know that I have been very, very quiet over the last two weeks. The reason was, that the worldwide Chief Security Advisors met at our HQ in Redmond for four days to discuss community related questions as well as the future of certain selected products and share the worldwide experience with our product...
    on 1 Nov 2010

  • Blog Post: Video on Microsoft’s Datacenter

    rhalbheer
    A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of...
    on 29 Jul 2011

  • Blog Post: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

    rhalbheer
    You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
    on 2 Dec 2010

  • Blog Post: The Debate on Security Metrics

    rhalbheer
    Recently I was sitting on a panel which was pretty heterogeneous: There was a representative from IBM (actually from former ISS), customers, a representative from the Open Source community (who actually, during his presentation always said how bad our security is) – well, and me. In order to have some...
    on 9 May 2008

  • Blog Post: Join the Windows 7 and Internet Explorer 8 Security Baselines Beta

    rhalbheer
    The day before yesterday we opened the Windows 7 and Internet Explorer 8 Security Baselines Beta and would look forward to getting your feedback and comment. So, sign up for it if you are interested: Sign-Up Now for the New Windows 7 and Internet Explorer 8 Security Baselines Beta Opening July 13th!...
    on 14 Jul 2009

  • Blog Post: Windows Live Essentials 2011 available for download now

    rhalbheer
    I am using it since the Beta and it is really cool. I am using Messenger (with the integration to Facebook etc.) as well as the Windows Live Writer to blog. It rocks: Windows Live Essentials 2011 available for download now Download and install! Roger
    on 30 Sep 2010

  • Blog Post: The “KHOBE – 8.0 earthquake” – What’s behind it

    rhalbheer
    On different social media this article actually gets tremendous coverage: KHOBE – 8.0 earthquake for Windows desktop security software . Now, before you read the rest here, I am not an AV-specialist nor do I have very deep, deep knowledge on the details of our file system drivers and the Windows kernel...
    on 12 May 2010

  • Blog Post: Why it pays to be secure - Introduction

    rhalbheer
    Henk van Roest, our EMEA Security Program Manager is running a pretty successful internal blog. Before summer vacation he started a series called “Why it pays to be secure” which I think has some great information in it. I asked him then to go public with it but he told me that he is not doing this kind...
    on 22 Aug 2009