Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Browse by Tags: processes
Related Posts
Blog Post:
You deployed MS09-008 – are you now protected?
rhalbheer
You might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should consult our Security Research & Defense Blog...
on
14 Mar 2009
Blog Post:
Cyber Security: The Road Ahead
rhalbheer
This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments, Legislative Bodies, The Armed...
on
14 Apr 2011
Blog Post:
Mozilla Patches Fastest. NOT!
rhalbheer
I only believe the statistics I forged myself. So, once more, there is a debate on which browser is the most secure, who fixed which vulnerabilities how fast. The Secunia Report 2008 was just published and it seems that this injects once more the fire about browser security. Our Jeff Jones just posted...
on
9 Mar 2009
Blog Post:
The latest SQL Injection Attacks
rhalbheer
Well, there was quite some chatter over the last few weeks with regards to the massive defacements we saw based on SQL Injection Attacks. So, what was really new? Close to nothing. Well, this is not completely true. The new thing we have seen with these attacks is automation; however a lot of people...
on
30 May 2008
Blog Post:
How we do IT: Direct Access
rhalbheer
You might know that we have something we call the Microsoft IT Showcase, where our internal IT shows how they use our technology to run our environment. Now, we just published a new article, which might be interesting for you to read called Using DirectAccess to Provide Secure Access to Corporate Resources...
on
25 May 2009
Blog Post:
Are we talking about the right things?
rhalbheer
I am in Qatar at the moment at the Doha Information Security Conference. They actually have a very interesting setup as they only have very short presentations (about 5-10 minutes) of approx. 2 people and from there on they are working with a panel discussion on the topic during the rest of the hour...
on
10 Jun 2008
Blog Post:
Security Compliance Management – Beta Available
rhalbheer
Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download. I quote from the website: The Security Compliance...
on
4 Apr 2008
Blog Post:
Would a properly managed IT have withstood Conficker?
rhalbheer
Before I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. We all know the attack vectors of Conficker but...
on
4 Mar 2009
Blog Post:
SAFECode released „Fundamental Practices for Secure Software Development”
rhalbheer
SAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft). As you probably know, SAFECode is a Forum to share good practices around development...
on
8 Oct 2008
Blog Post:
Windows Server 2008 Hyper-V Role EAL 4+ certified by BSI
rhalbheer
That’s new: We have Windows Server 2008 Hyper-V Common Criteria EAL 4+ certified. The new thing is that we certified it in Germany by the BSI (Bundesamt für Sicherheit in der Informationstechnik). You can find the report here: https://www.bsi.bund.de/cae/servlet/contentblob/612768/publicationFile/35487...
on
15 Aug 2009
Blog Post:
Security Development Lifecycle – Website!
rhalbheer
I often talk about how we learned to engineer security into the products and the results prove that we are on the right track. One of the challenges we always have is how to help the ecosystem to improve as well. One of the ways is to communicate through our website. Not, that this is really new news...
on
8 Mar 2010
Blog Post:
Children – A Threat For Corporate Security?
rhalbheer
I read this article this morning: Safer Internet Day: How children can undermine corporate security and it actually reminds me of all the PCs I looked at in my private environment. When I see a heavily infected PC, the parents always keep telling me that the Peer-to-Peer network software on the PC was...
on
10 Feb 2010
Blog Post:
Security Pros ignoring their own message
rhalbheer
As you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not talking about their shoes but what about the way...
on
25 Apr 2008
Blog Post:
There it is – the security Silver bullet
rhalbheer
I love that: There is finally software that is free of bugs and completely secure. Hmm, this kind of reminds me of the world-famous marketing campaign of a big software company which called itself "unbreakable". However, let's be fair: There is an article out there called 11 open-source projects certified...
on
12 Jan 2008
Blog Post:
Are You Focused On The Wrong Security Risks?
rhalbheer
There is a good article on CIO Central: Are You Focused On The Wrong Security Risks? An interesting discussion and I partly agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk about industry trends, which impact your risk landscape...
on
28 Jan 2011
Blog Post:
Is the “Managed Desktop” the ultimate solution?
rhalbheer
When I talk about the big trends, one of them is about the call of the younger generation for more flexibility. Flexibility in this context is about where you work, when you work and how you organize yourself. If you take this as a given, you have to wonder whether today’s IT is able to cope with that...
on
1 Sep 2009
Blog Post:
Security Updates and Exploits
rhalbheer
As you may know, we announced version four of the Microsoft Security Intelligence Report earlier this week. Amongst the many interesting findings is data which relates to software vulnerability exploits. I wanted to highlight these as Shoaib, one of my blog readers, contacted me recently to get my views...
on
25 Apr 2008
Blog Post:
Monitoring the Virtual Environment
rhalbheer
I recently blogged on how I monitor my environment: Monitoring - a Key Activity to a Trustworthy Infrastructure? In the meantime, I am doing more. I was just recently looking into System Center Virtual Machine Manager (VMM). So, I installed it on my monitoring server and started to manage my virtual...
on
9 Sep 2009
Blog Post:
The Race for the first Vista Vulnerability
rhalbheer
It is really interesting to see: At the moment there seems to be a big race to find the first real Windows Vista vulnerability and to go public with it. I know that there are some reports out there claiming that they found THE single biggest issue in Vista. Let's look at one of them: http://www2.csoonline...
on
15 Mar 2007
Blog Post:
Servers still not patched
rhalbheer
I just read an article this morning on Linux servers under the Phalanx gun: A problem with people, not code. There were quite some things which made me think when I read it: There was a statement in there, which I – obviously – did not like at all: Linux may be inherently more secure as a system...
on
29 Aug 2008
Blog Post:
Rent a Botnet on eBay (Part 2)
rhalbheer
You might have seen my recent blogpost on the botnet on eBay. They have seen it (we briefly touched base on that) and – now it's gone: Cool stuff! Roger
on
13 Sep 2008
Blog Post:
Why it pays to be secure – Chapter 5 – I need tools!
rhalbheer
Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. So far, in the first 4 chapters, we have addressed the usual excuses for not Managing Your IT Environment...
on
6 Mar 2010
Blog Post:
Security Development Lifecycle Template – Your next step to “Secure Development”
rhalbheer
You might remember it: January 15th, 2002 Bill Gates wrote the famous memo on Trustworthy Computing to all the employees at Microsoft. This was probably one of the biggest initiatives at Microsoft and radically changed the way we develop software (and much, much more). I remember when I was the first...
on
19 May 2009
Blog Post:
Legal Challenges of International Business and the Cloud
rhalbheer
To start with: I am an engineer not a lawyer – and this might be part of the problem… When I started to think about the Cloud and security and thought about all the work I do with Law Enforcement and the challenges they face. Additionally, I started to think about the legal challenges we – as an industry...
on
9 Mar 2010
Blog Post:
Deploying PKI
rhalbheer
Recently I decided to spend some time to implement some new technologies in my environment at home. The environment itself is a mixture between test and production. If you are reading this post on www.halbheer.info/security, you are already accessing this environment. So, I host my web server, mail...
on
12 Mar 2009