Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Tagged Content List
Security of Car Software
We have seen some of the attacks recently, where people started to attack either the locks or the technology/software in the car itself controlling the chassis etc. On DarkReading I was just reading this article: Car Systems Reminiscent of Early PCs. One of the things I do not get with cars is the way...
9 Sep 2011
Cloud computing providers: Clueless about security?
To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not...
4 May 2011
Rediscover Microsoft Security Guides
Fairly often I am asked whether the Security Guides for our products still exist. The good news is: They do. The bad news is: They are called differently. The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool...
2 May 2011
On the effectiveness of DEP and ASLR
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key takeaways: DEP and...
9 Dec 2010
Hotmail now with full-session SSL
If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger
11 Nov 2010
Open Source and Hackers
The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the value of such debate. ...
9 Jun 2010
We Need Solid and Strong Transparent Processes for the Cloud
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously. It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
8 Jun 2010
How to Align Work Live and Private Live
It is often talked about the “New World of Work” or sometimes it is about bringing virtual and physical organizations together – which is often called the Hybrid organization. The Hybrid organization has different aspects: People, Technology and Buildings. We are running different pilots in different...
2 May 2010
Hacking Incidents 2009 – Interesting Data
There is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty interesting statistics in. In order to judge...
12 Mar 2010
Insider Threat of Cloud Computing
Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You're missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger. When...
11 Mar 2010
Making the Management of Security Compliance Easier!
As you all know, I have two main pet themes: Risk Management and Compliance Management as I see very often that there is room for improvement when it comes to such processes within our customers. Internally, we often think about how we can make it easier for our customers to manage compliance in their...
18 Feb 2010
Children – A Threat For Corporate Security?
I read this article this morning: Safer Internet Day: How children can undermine corporate security and it actually reminds me of all the PCs I looked at in my private environment. When I see a heavily infected PC, the parents always keep telling me that the Peer-to-Peer network software on the PC was...
10 Feb 2010
Cloud Security Paper: Looking for Feedback
As most of you as well, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Therefore I...
30 Jan 2010
IE Vulnerability: Going Out of Band
Just to make sure you have seen that: We just released a blog: Security Advisory 979352 – Going out of Band. Quoting the blog: Based on our comprehensive monitoring of the threat landscape we continue to see very limited, and in some cases, targeted attacks. To date, the only successful attacks that...
19 Jan 2010
Security Advisory on the recent Internet Explorer Vulnerability
I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution. The reason for that is that our investigations have shown that this...
15 Jan 2010
Leveraging Data Execution Prevention (DEP)
The recent IE attacks have shown again that the current technology built in Windows Vista and Windows 7 could at least help to mitigate the attacks. One of these technologies which could be used more broadly is Data Execution Prevention (DEP). Here is how to switch DEP on (it is fairly well hidden). First...
15 Jan 2010
Microsoft Security Essentials – Coming even closer to you
Today we were adding 17 additional markets to our Microsoft Security Essentials offering. I am really excited about that as all these markets are in EMEA: Algeria, Bahrain, Egypt, India, Jordan, Kuwait, Lebanon, Morocco, Oman, Pakistan, Qatar, Romania, Russia, Saudi Arabia, South Africa, Tunisia, and...
15 Dec 2009
Summary of Bitlocker Discussions
Last week there was quite some discussion about “successful attacks” on Bitlocker. Those discussions are often quite interesting for me as they show sometimes that people are looking for one technical solution for all the problems. Bitlocker has a clear threat model it wants to protect you from. This...
11 Dec 2009
Get Safe Online: Don’t be a Money Mule
You know, there are people who blog late, there are people who blog very late and then there is me… I actually missed that one even though I was triggered: Mid November there was the Get Safe Online Week 2009 in the UK. Usually they do really good stuff and this is the reason I usually blog on it. As...
4 Dec 2009
Questions to Ask your (Security) Vendor
You know that I am a big fan of Security Development Lifecycles as we run it internally to build code which is more resilient against attacks. And I recently blogged on Security - A Feature Discussion? Some Thoughts on Google's Chrome OS as I am convinced that it is much more important to look into the...
1 Dec 2009
Security and Usability
It is not a new concept: The secure way is only secure if it is the easiest way. I have seen a lot of solutions which are extremely secure – in the eyes of the security people. However, the users find a lot of ways to circumvent the security measures because they are too complex to fulfill the business...
26 Nov 2009
Security – A Feature Discussion? Some Thoughts on Google’s Chrome OS
To be clear upfront: This is not a “Microsoft versus Google” post. I cannot even judge how far Google pushed security with the Chrome OS. But the following article raised quite some questions how we look at security: Inside the Google Chrome OS security model. This article, like so many when security...
19 Nov 2009
Power of Knowledge: Security Intelligence Report v7
It is a good tradition since quite a while that we make the intelligence we have available accessible to the broad public. This will help out customers to protect themselves much better. The Security Intelligence Report (SIR) is built on an unparalleled set of sensors out there in the Internet: Malicious...
2 Nov 2009
Security Compliance Management Toolkit Series for IE 8 and Windows 7
Just a brief one: the Security Compliance Management Toolkit Series has been updated to incorporate Internet Explorer 8 and Windows 7. So, to help you to manage security and compliance in your environment, you should have a look at it: http://technet.microsoft.com/en-us/solutionaccelerators/cc835245...
30 Oct 2009
Look at the Enhanced Mitigation Evaluation Toolkit
Recently we announced the availability of the Enhanced Mitigation Evaluation Toolkit. This is a toolkit which makes it easier to defend your application on different levels – free of charge. Read the post done by our Security Research and Defense guys: Announcing the release of the Enhanced Mitigation...
29 Oct 2009