See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Compatability & Converters
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
Apple Recommends Running Multiple AV Engines
This is an interesting thing: I just read this post on ZDNet . The blamed us for being the key target for viruses and they always told me that they do not have a security problem. I am convinced that there is no software product having no security vulnerabilities and Apple proved over time that they...
3 Dec 2008
Fight against Terror and how it can be abused
I am not completely clear how much a lot of the measures we see (like the fluid restrictions on planes, the forced violation of privacy laws by airlines by having to transmit PII to the US, ...) really bring. On the other hand we definitely see some pretty weird things happening as any suspicion seems...
6 Nov 2007
Google Chrome and Silent Patching
This morning I opened one of the Swiss Sunday newspapers and Google Chrome made it to the front-page with a “best practice approach” for deploying security updates. In the article itself it was claimed that Chrome is one of the best browsers with regards to security as the deploy patches silently, without...
11 May 2009
Open Government Data Principles
In December about 30 government advocates assembled to decide on - what they called - Open Government Data Principles. Even though the group was very US focused (if you look at the list of participants ), the outcome is very interesting. I quote the main page of the working group : By embracing the eight...
27 Mar 2008
EISAS – European InformationSharing and Alert System – an ENISA Feasibility Study
ENISA just recently published a pretty interesting study with the title EISAS – European Information Sharing and Alert System . I think that it is definitely worth looking into Roger
8 Feb 2008
The Importance of International Collaboration–Even in Exercises
One of the biggest challenges in Critical Infrastructure Protection or Incident Response is collaboration. Collaboration between the public and the private sector as the private sector is most often running the critical infrastructure; collaboration between different governments as well as incidents...
16 Jun 2010
We Need Solid and Strong Transparent Processes for the Cloud
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
8 Jun 2010
“Creative Capitalism” by Bill Gates
In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time J ). It is a pretty interesting reading on new ways how capitalism could work not only for the rich but also for the poor. What I...
25 Jan 2008
What is more important: Security or Privacy?
This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that actually violate the privacy laws in Europe. So...
17 Jan 2008
The Windows 7 UAC “Vulnerability”
It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 in one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the settings for UAC without getting a UAC prompt. ...
3 Feb 2009
Stealing the Empire State Building in 90 Minutes
You do not trust e-Business? Why do you trust “normal” business then? Read this: Newspaper 'Steals' Empire State Building in Just 90 Minutes Roger
18 Dec 2008
What can you do if you are a victim of e-crime?
I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers to a lot of questions like those and offers...
21 Jan 2008
Why it pays to be secure - Introduction
Henk van Roest, our EMEA Security Program Manager is running a pretty successful internal blog. Before summer vacation he started a series called “Why it pays to be secure” which I think has some great information in it. I asked him then to go public with it but he told me that he is not doing this kind...
22 Aug 2009
Estonia’s Cyber Security Strategy
Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different...
8 Oct 2008
SAFECode: Writing Secure Code – learning from each other
During RSA Europe an industry forum called SAFECode ( S oftware A ssurance F orum for E xcellence in C ode) was announced " to identify and share software assurance best practices, promote broader adoption of such practices into the cyber ecosystem, and work with governments and critical infrastructure...
2 Nov 2007
Bill Gates and the Gates Foundation
There is an interview on MSNBC with Bill where the readers could actually send the questions. It is all about their foundation and pretty impressive to read: http://www.msnbc.msn.com/id/21212128/site/newsweek/ Roger
11 Oct 2007
WabiSabiLabi and their view on ethics
I commented on that already twice and I stated that WabiSabiLabi seems to have a different view on ethics than me. For those of you who do not know WabiSabiLabi, it is an online auction for vulnerabilities . We met the founder of this platform during Blue Hat in Redmond and had some discussions on ethics...
8 Nov 2007
Windows 7 XP Mode - Sophos error: facts not found
Well, the title is not completely from me – I just quoted another blog post. I wrote recently on Why Windows 7 XP Mode makes sense from a security perspective and was even quoted on the register. The “funny” thing was the history of that blog: I was readying some Tweets and blogs where XP Mode was just...
27 Aug 2009
Protecting your disk with biometric devices?
As you (hopefully) know, Windows Vista ships with a component we call Bitlocker - at least some of the Windows Vista versions do. Now, Bitlocker can be run with different way of protecting your keys: a TPM chip (basically a smartcard on your motherboard), a normal USB-stick, the TPM chip with a password...
23 Apr 2007
Risk of Outsourcing (and Security Outsourcing)
I am often asked about the risks of outsourcing (we often talk about processes, legal risks (e.g. Data Protection), etc.) – the list is very long. Today I read an article which touches a completely different issue: It is all about the security processes and the turnover within the outsourcing company...
30 Oct 2008
Teach a Man to Fish
I just read a pretty good article that goes definitely into the direction I am trying to work with the different communities we are in touch. Even though technology is a key part of any security solution, the user is key and explaining the user the "why" is even more important. Read yourself: Teach...
26 Nov 2007
Hacking Incidents 2009 – Interesting Data
There is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty interesting statistics in. In order to judge...
12 Mar 2010
Article was Bogus: Do Mac Users not need Anti-Virus Protection?
Today I was having a discussion with a religious Mac fan claiming that the only problem with security on the Internet is Windows and then I read this article on ZDNet: Despite what blogs (and Apple) say, Macs will eventually have malware In there it is referenced that the article I was quoting yesterday...
4 Dec 2008
Sun and Apple Updates – A Sheer Nuisance!!
As you all know: I rarely blog on competitors and – even rarer – blog about them negatively. But this time I definitely had to: As most of us I have QuickTime on my PC as well as a Java VM. I know that there are alternatives for this software and the same is true for RealPlayer, which is – for me ...
20 Mar 2008
I was visiting Nigeria – watch out!
You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read, what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I will be travelling to Nigeria I got a lot of different reactions J . I guess that...
23 Nov 2007
© 2014 Microsoft Corporation.
Privacy & Cookies