Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Related Posts
Blog Post:
Ten Immutable Laws Of Security (Version 2.0)
rhalbheer
You might have known the 10 Immutable Laws Of Security since quite a while. It is kind of the “collected non-technical wisdom” of what we see in security response being it in Microsoft Security Response Center or in our Security Product Support. There is now a version 2, which is still as important...
on
16 Jun 2011
Blog Post:
Cloud computing providers: Clueless about security?
rhalbheer
To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not...
on
4 May 2011
Blog Post:
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
rhalbheer
You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make them publicly available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it Behind the Curtain of...
on
2 Dec 2010
Blog Post:
We Need Solid and Strong Transparent Processes for the Cloud
rhalbheer
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously. It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
on
8 Jun 2010
Blog Post:
Identity in the Cloud
rhalbheer
Kim Cameron, one of our key identity architects had an interesting presentation on identity in the cloud and a corresponding interview. Both are worth looking at if you are planning to move into the direction of the cloud. Especially as it is definitely one of the key challenges: This is Kim's presentation...
on
25 May 2010
Blog Post:
Microsoft Security Intelligence Report – What it means for EMEA
rhalbheer
“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
on
5 May 2010
Blog Post:
Want to introduce the Security Development Lifecycle? Play a Game
rhalbheer
I was recently pinged by a customer asking for the “real” version of this game. It was distributed at RSA in the US and I do not have any anymore – but you can still print it yourself. So, if you want to introduce SDL or if you introduced it already and want to re-enforce the message, look at that Elevation...
on
22 Mar 2010
Blog Post:
Security Advisory on the recent Internet Explorer Vulnerability
rhalbheer
I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution. The reason for that is that our investigations have shown that this...
on
15 Jan 2010
Blog Post:
Look at the Enhanced Mitigation Evaluation Toolkit
rhalbheer
Recently we announced the availability of the Enhanced Mitigation Evaluation Toolkit. This is a toolkit which makes it easier to defend your application on different levels – free of charge. Read the post done by our Security Research and Defense guys: Announcing the release of the Enhanced Mitigation...
on
29 Oct 2009
Blog Post:
The Impact of the Downturn (part 2)
rhalbheer
Just a brief one: I wrote an article for Infosecurity which was just published in the latest version covering the economic downturn as well. It is called Time to Step Up and can be found on page 45 of the latest edition. Roger
on
23 Apr 2009
Blog Post:
Conficker and Microsoft Anti-Malware Software
rhalbheer
I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment. The comment first: There were some discussions about our Anti-Malware solution. We had protections in all our products...
on
14 Jan 2009
Blog Post:
Spying on Smartphones
rhalbheer
I was recently at an event for Law Enforcement where one of the discussion points was how critical it is to protect Smartphones – actually it was more about how easy it would be to claim that my Smartphone was hacked and how proof can be found. That you should run Anti-Malware software on phones, is...
on
26 Dec 2008
Blog Post:
Stealing the Empire State Building in 90 Minutes
rhalbheer
You do not trust e-Business? Why do you trust “normal” business then? Read this: Newspaper 'Steals' Empire State Building in Just 90 Minutes Roger
on
18 Dec 2008
Blog Post:
Security Risks in the Supply Chain?
rhalbheer
At the moment I am travelling through the Gulf in order to launch the Security Intelligence Report v5 with local data. During one of the discussions today, a question was raised which I was thinking about quite some while (but – honestly - do not have an answer yet): How do you manage the risks in your...
on
24 Nov 2008
Blog Post:
This is about processes: Google Chrome Vulnerable to Carpet Bombing
rhalbheer
This is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place. There was quite some noise yesterday around Google Chrome. And a lot of noise about "safer browsing...
on
3 Sep 2008
Blog Post:
Secure Development: More than „just“ code!
rhalbheer
I just read an interesting post by Michael Howard ( Security is bigger than finding and fixing bugs ). He refers to a statement Google seem to have made on its development practices ( Google shares its security secrets ): In order to keep its products safe, Google has adopted a philosophy of 'security...
on
18 Aug 2008
Blog Post:
New Information on SQL Injection Attacks
rhalbheer
I just wanted to make sure that you have seen the Advisory ( Rise in SQL Injection Attacks Exploiting Unverified User Data Input ) where we added some additional information. This is especially important as we did not "only" publish guidance but tools as well: Detection – HP Scrawlr (a free scanner...
on
24 Jun 2008
Blog Post:
Selling Vulnerabilities and Ethics
rhalbheer
Shoaib just blogged on Hacking & Security Community - Ethical or Unethical? . To start with: I do not claim that I know all about ethics and that there is only one view on ethics but I have a clear view on certain things. I blogged on this theme several times already and made my points pretty clear...
on
18 May 2008
Blog Post:
Support for Law Enforcement and COFEE
rhalbheer
Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
on
14 May 2008
Blog Post:
The Debate on Security Metrics
rhalbheer
Recently I was sitting on a panel which was pretty heterogeneous: There was a representative from IBM (actually from former ISS), customers, a representative from the Open Source community (who actually, during his presentation always said how bad our security is) – well, and me. In order to have some...
on
9 May 2008
Blog Post:
SDL and End to End Trust
rhalbheer
Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it :-) Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other way around). It might be interesting for you to...
on
17 Apr 2008
Blog Post:
What can you do if you are a victim of e-crime?
rhalbheer
I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers to a lot of questions like those and offers...
on
21 Jan 2008
Blog Post:
Oracle DBAs rarely install Patches
rhalbheer
Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle databases . Even though you could challenge their findings (they asked only 305 people) and therefore only shows half the truth, it is really scary (I quote): When asked: "Have you installed the latest...
on
15 Jan 2008
Blog Post:
Common Criteria and answering the “real” questions
rhalbheer
It seems that I am not yet gone :-). Eric Bidstrup, a colleague of mine, wrote a great blog post about Common Criteria, where it does a pretty good job and where it fails. Basically he claims – and I could not agree more – that the customer "only" wants to know whether the operating system "is safe"....
on
28 Dec 2007
Blog Post:
The Value of Operating System Comparisons
rhalbheer
Since Blaster/Slammer, namely since the start of Trustworthy Computing I am working at Microsoft in a publicly facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted there and still do today that security was not a...
on
17 Nov 2007