Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Browse by Tags
security
Related Posts
Blog Post:
Selling Vulnerabilities?
rhalbheer
Think about it: You found a way of breaking into my house (would not be too hard though but let's just use this as an example) and you are selling this knowledge to intruders. Is this legal? Is this ethical? I mean, my home has vulnerabilities and if you discover an easy way to get in. Are you really...
on
6 Feb 2007
Blog Post:
Bitlocker To Go – Cool Stuff
rhalbheer
I guess you know my view to protection of USB-ports. I get often asked how you can protect your users from using USB-sticks. There are ways – especially in Vista – but don’t do it. Your users most probably have a good business reason, why they would want to use USB-sticks and by not letting them, they...
on
1 Jul 2009
Blog Post:
RSA Europe: Are you ready for security and privacy?
rhalbheer
Do you remember? In January 2002, Bill Gates sent a famous mail to all the Microsoft employees and announced Trustworthy Computing. Since then it became part of our DNA. The interesting thing to me is, that the four pillars of TwC remained the same (except for pillar four, which we had to re-name)....
on
23 Oct 2007
Blog Post:
SAFECode: Writing Secure Code – learning from each other
rhalbheer
During RSA Europe an industry forum called SAFECode (Software Assurance Forum for Excellence in Code) was announced "to identify and share software assurance best practices, promote broader adoption of such practices into the cyber ecosystem, and work with governments and critical infrastructure...
on
2 Nov 2007
Blog Post:
It’s All the User’s Fault
rhalbheer
Isn't it true? Don't we always say that there is a PICNIC problem (Problem in Chair, not in Computer)? When we talk about security we often talk about the user – and this is right so. But do we always give the user what he needs to protect their information? Look at this story: Sensitive military files...
on
17 Jul 2007
Blog Post:
SQL Injection – again?
rhalbheer
This week I had – again – a longer mail thread on SQL Injection attacks. Probably it caught me at the wrong moment, as it was a very long week preparing for the IE Out of Band making sure everybody knows what they have to do. And then… I was actually pinged by our office in Ireland as a blogger who...
on
22 Dec 2008
Blog Post:
Microsoft has the shortest Security Update Development cycle
rhalbheer
Have you had a look at Symantec's latest Threat Report? It can be found here: http://www.symantec.com/content/de/de/about/downloads/PressCenter/ISTRXII_Main.pdf I briefly read through it and one statement caught my eye: Page 54: Of the five operating systems tracked in the first six months of 2007...
on
26 Oct 2007
Blog Post:
OEMs: Join in to "Secure by Default"
rhalbheer
I recently purchased a PC for my parents and then started to install it – well actually used the OEM installation to get it up and running with Windows Vista Home Premium. I was pretty surprised how easy it was to actually have a running system (I usually re-format the disk if I have to install a PC...
on
21 Jun 2007
Blog Post:
WabiSabiLabi and their view on ethics
rhalbheer
I commented on that already twice and I stated that WabiSabiLabi seems to have a different view on ethics than me. For those of you who do not know WabiSabiLabi, it is an online auction for vulnerabilities. We met the founder of this platform during Blue Hat in Redmond and had some discussions on ethics...
on
8 Nov 2007
Blog Post:
Windows 7 XP Mode - Sophos error: facts not found
rhalbheer
Well, the title is not completely from me – I just quoted another blog post. I wrote recently on Why Windows 7 XP Mode makes sense from a security perspective and was even quoted on the register. The “funny” thing was the history of that blog: I was readying some Tweets and blogs where XP Mode was just...
on
27 Aug 2009
Blog Post:
Windows Live OneCare 2.0 Beta available
rhalbheer
Looking at my father's PC I always faced the same problem: I wanted to give him a solution that actually took care of his PC without having me too often involved :-). Some time ago, we had some particular solutions: Backup (use the backup in Windows) Anti-Virus (use a third-party product which often...
on
12 Jul 2007
Blog Post:
Analysis of recent vulnerabilities
rhalbheer
Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent Symantec and IBM vulnerabilities, giblets, banned...
on
5 Jan 2008
Blog Post:
Both Sides of the Windows 7 UAC Problem
rhalbheer
I have to come back to the UAC problem again. I just read a good article from Larry Seltzer on eWeek.com: Both Sides of the Win7 UAC Problem. I think it is one of the first ones I read, which takes the emotions out of the discussion and tries to understand the real problem. He made actually an interesting...
on
5 Feb 2009
Blog Post:
Renting a Botnet on eBay
rhalbheer
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included): http://cgi.ebay.com/Guaranteed-100-000-views-for-your-YouTube-video_W0QQitemZ220279609299QQcmdZViewItem?hash=item220279609299&_trkparms=72%3A1163|39%3A1...
on
11 Sep 2008
Blog Post:
Securing your Router Part II
rhalbheer
In my last post, I wrote about the risk of not changing the router passwords. Well, if you need one, Bruce Schneier just posted a link to an extensive list of default passwords: http://www.schneier.com/blog/ I think that it would be time that router and access point manufacturers think about "secure...
on
26 Feb 2007
Blog Post:
“The Security Business has no Future” (Quote by IBM)
rhalbheer
This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless, if you read the corresponding article on darkReading...
on
14 Apr 2008
Blog Post:
Nigeria: I told you they are serious
rhalbheer
Remember my blog post where I told you not to forget countries like Nigeria (I was visiting Nigeria – watch out!)? They really seem to be serious. In the last few weeks we had some troubles getting hold of the head of EFCC (I will tell you more in a week) and now, we have at least some suspicion why...
on
13 Dec 2007
Blog Post:
Information Accountability
rhalbheer
I just read a pretty interesting paper; you should have a look at. The interesting thing is – from my point of view – the paper is close to your End to End Trust paper we published in March. What I want to say with that is, that it seems that several forces in the security ecosystem are moving in the...
on
24 Sep 2008
Blog Post:
Why it pays to be secure – Chapter 2 – Vulnerabilities
rhalbheer
Our EMEA Security Program Manager, Henk van Roest, started this series internally and with his consent I am publishing it here in my blog as I think it contains a lot of great information for you to use. The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the...
on
4 Sep 2009
Blog Post:
Out of Band Security Update to be Released
rhalbheer
I guess you have seen this already but wanted to make sure that we are reaching you: We are planning to release an Out of Band Security Update today 10am Pacific Time (which is 18pm GMT). This update will affect all currently supported versions of Windows. Please read the official Advanced Notification...
on
23 Oct 2008
Blog Post:
Why Windows 7 XP Mode makes sense from a security perspective
rhalbheer
I have to admit: When I first learned about Windows 7 XP Mode I was quite surprised. How can we actually ship an XP Virtual Machine with Windows 7? Well, then I started to think (no, it did not hurt too much)… But before I share my findings with you, let me tell you a story: A few months back, a friend...
on
17 Aug 2009
Blog Post:
Protecting your disk with biometric devices?
rhalbheer
As you (hopefully) know, Windows Vista ships with a component we call Bitlocker - at least some of the Windows Vista versions do. Now, Bitlocker can be run with different ways of protecting your keys: a TPM chip (basically a smartcard on your motherboard), a normal USB-stick, the TPM chip with a password...
on
23 Apr 2007
Blog Post:
Teach a Man to Fish
rhalbheer
I just read a pretty good article that goes definitely into the direction I am trying to work with the different communities we are in touch. Even though technology is a key part of any security solution, the user is key and explaining the user the "why" is even more important. Read yourself: Teach...
on
26 Nov 2007
Blog Post:
The Impact of the Security Development Lifecycle
rhalbheer
Jeff Jones just started a blog series to show the impact of our Security Development Lifecycle on the updates to be deployed. It is a pretty interesting read: Here is the February version: Feb09 Security Bulletin SDL Benefit Summary Roger
on
18 Feb 2009
Blog Post:
Cloud Security Paper: Looking for Feedback
rhalbheer
As most of you as well, I was looking for information and opinions on Cloud Security over the last year. I found a lot of papers but when I talk to our customers I realize that they think about the Cloud but Cloud Security is mainly something for the specialists – which it is not for me. Therefore I...
on
30 Jan 2010