Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
policy
Related Posts
Blog Post:
Attacks on your Reputation
rhalbheer
There is definitely some risk in reputation-based systems: The Threat of Reputation-Based Attacks on Securityfix from Washington Post Roger
on
19 Sep 2007
Blog Post:
Vulnerability Auction
rhalbheer
I wrote several times already about responsible disclosure and irresponsible disclosure. My point on that is clear: Every vendor has to have transparent and clear processes to handle vulnerabilities. These processes ensure that there will be a timely reaction on responsibly disclosed as well as on irresponsible...
on
7 Jul 2007
Blog Post:
Schneier on US Customs Notebook Searches: Do not follow the rules
rhalbheer
I just read this article by Bruce Schneier on what to do about US Customs searches: Taking your laptop into the US? Be sure to hide all your data first So, if you look at part of his recommendations, they are: You're going to have to hide your data. Set a portion of your hard drive to be encrypted...
on
16 May 2008
Blog Post:
Why Today’s End-User Education Fails!
rhalbheer
I was reading a paper recently, where I initially thought it is a joke (it looked scientific, therefore I was not too scared). But as our research department did it, it is serious and really, really good – at least it definitely made me think. It is called So Long, And No Thanks for the Externalities...
on
27 Mar 2010
Blog Post:
Should the Government be able to enforce security updates?
rhalbheer
This is actually an interesting question. A lot of governments enforce rules and regulations on how you have to run your car, how often you have to check it, in which condition you have to keep your tires etc. The same is true for a lot of other devices we are using. Now, it seems that the US just...
on
13 Jun 2010
Blog Post:
Oracle’s answer with regards to Security Patches
rhalbheer
You probably remember my post regarding Oracle DBAs rarely install patches. It was about a study where Sentrigo claimed (after having asked 305 people) that more than 2/3 of Oracle DBAs do not install the patches provided by Oracle. Now Oracle recently published a blog post called To Patch of Not To...
on
4 Feb 2008
Blog Post:
Technology to Circumvent Censorship (Part 2)
rhalbheer
Back in March I blogged on a Technology to Circumvent Censorship. I actually expected some dialogue on this but today somebody posted an interesting comment, I think is worth reading. Just click the link above and look at the second comment Roger
on
24 Apr 2008
Blog Post:
Why it pays to be secure – Chapter 3 – But how do I?
rhalbheer
Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. Security — you hear about it every day. Being responsible for information security can be...
on
18 Oct 2009
Blog Post:
Open Source and Hackers
rhalbheer
The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the value of such debate. ...
on
9 Jun 2010
Blog Post:
File Classification Infrastructure in Windows Server 2008 R2
rhalbheer
We recently revealed the File Classification Infrastructure in Windows Server 2008 R2. This infrastructure can help you to classify files not only based on the location where it is stored but based on content as well. However, there is not too much value for me to blog more about that, let the experts...
on
14 May 2009
Blog Post:
Legal Risks of the Cloud
rhalbheer
I just stumbled across an interesting blog post named Legal Implications of Cloud Computing. I am not a lawyer and therefore unable to judge the details but overall it gives a good view of the risks and challenges. Roger
on
20 Aug 2009
Blog Post:
Why I do not like e-Voting
rhalbheer
As you know, I am Swiss. Switzerland is known as being one of the most direct democracies in the world. It is not uncommon for us having (or being allowed) to vote every other month as there are a lot of ways to influence what our politicians and/or our government does. This makes the system often pretty...
on
30 Aug 2008
Blog Post:
How to Align Work Live and Private Live
rhalbheer
It is often talked about the “New World of Work” or sometimes it is about bringing virtual and physical organizations together – which is often called the Hybrid organization. The Hybrid organization has different aspects: People, Technology and Buildings. We are running different pilots in different...
on
2 May 2010
Blog Post:
Making the Management of Security Compliance Easier!
rhalbheer
As you all know, I have two main pet themes: Risk Management and Compliance Management as I see very often that there is room for improvement when it comes to such processes within our customers. Internally, we often think about how we can make it easier for our customers to manage compliance in their...
on
18 Feb 2010
Blog Post:
Banning Social Media – a good idea?
rhalbheer
I am really against banning social media – especially with the reasoning of the work performance. To me, this is a management job, not a technology job and by banning social media to make people more productive – I doubt that this is really successful. Now, I read this article: Why Banning Social Media...
on
14 Apr 2010
Blog Post:
Digital Phishnet Conference 2007
rhalbheer
Last week the first Digital Phishnet Conference in Europe took place in Berlin. Basically Digital Phishnet is an initiative to help to exchange information about Phishing-Sites in order to help enforcement. This is the core mission: Supporting Law Enforcement with information. So the participants are...
on
17 Jun 2007
Blog Post:
Data Retention for ISPs
rhalbheer
As you probably know, I am based in Switzerland. Since quite some time, Swiss ISPs are mandated to retain their IP-logs for a few months in order to support Law Enforcement. It seems that the US is now going down this road as well and it will be interesting to see, what kind of data have to be logged...
on
25 Jan 2007
Blog Post:
Once More: Only the Easiest Way is the Secure Way
rhalbheer
Well, my credo is well known in the meantime: We have to make it easy for users to work in a secure way. Otherwise the business (say: the users) will find ways around all our security solutions. A customer of ours recently said: "I rather accept a little bit of higher risks but I know them compared to...
on
12 Dec 2007
Blog Post:
Notebook searches at a country border
rhalbheer
I guess you still know the discussions a while ago where it was made public that notebooks can be searched without suspicion when you cross the border to the US. Actually the truth is, that this can happen everywhere as far as I understand. To be clear: I am not a lawyer, I am an engineer. However, when...
on
14 Jun 2010
Blog Post:
Security Policies – Confidentiality
rhalbheer
Hmm, think about it, when you write the next version of your policy: Roger
on
1 Sep 2009
Blog Post:
Security through Collaboration
rhalbheer
If you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today's threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Program. The program is designed to give...
on
6 Aug 2008