Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Browse by Tags

Related Posts
  • Blog Post: On-Premise vs. On-Demand (or SaaS) – A Quocirca Report

    I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of "new, what you never heard before"-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some additional views...
  • Blog Post: Security Advisory on the recent Internet Explorer Vulnerability

    I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
  • Blog Post: Open Government Data Principles

    In December about 30 government advocates assembled to decide on - what they called - Open Government Data Principles. Even though the group was very US focused (if you look at the list of participants ), the outcome is very interesting. I quote the main page of the working group : By embracing the eight...
  • Blog Post: Some Thoughts on UAC

    I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
  • Blog Post: Spotlight – The coolest online event platform

    You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight . But now let's really talk about Spotlight...
  • Blog Post: Why Apple has to fix the Safari flaw

    Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to responsible disclosure of vulnerabilities: And then, what does the vendor do with it? Does the company act on it? Now, we can debate on what a vulnerability is and what not. Personally I am convinced...
  • Blog Post: We Need Solid and Strong Transparent Processes for the Cloud

    This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
  • Blog Post: IPSec Interop

    Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger
  • Blog Post: Are you ready for Unified Communications?

    Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail . This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few: Office Communicator 2007 and Office Communication Server...
  • Blog Post: Securing My Infrastructure: Introduction

    As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to...
  • Blog Post: Risks in Online Calendar Sharing

    Do you know that scenario: My wife would like to fix a meeting and should have access to my calendar. I am not available, therefore she cannot just call me but - again - she should see my availability. Not uncommon, isn't it? A typical solution for this: I have to run two calendars, one for business...
  • Blog Post: The “successful” attack on Cardspace

    I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
  • Blog Post: Insight into IPSec

    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
  • Blog Post: Microsoft Security Intelligence Report – What it means for EMEA

    “Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
  • Blog Post: Analysis of recent vulnerabilities

    Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent Symantec and IBM vulnerabilities, giblets, banned...
  • Blog Post: Want to check your Up- and Download-Speed

    I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: http://www.speedtest.net Roger
  • Blog Post: Mandatory Keyloggers in Cyber Cafes

    It is pretty well-known that there is a high risk of keystroke loggers in Cyber Cafés. That they are declared mandatory in a country however is pretty tough stuff: http://yro.slashdot.org/firehose.pl?id=281251&op=view Roger
  • Blog Post: Microsoft Advisory for Safari Flaw

    I posted yesterday on the Safari flaw ( Why Apple has to fix the Safari flaw ) as Apple did not acknowledge that this is a security vulnerability. Unfortunately we had now to release an advisory for this as we started to see that the bad guys could use this "feature" to attack machines – we are calling...
  • Blog Post: Learnings on Publishing SharePoint on ISA Server

    Here Blogging on MOSS 2007 (SharePoint) I talked about the way I use SharePoint and a Codeplex application to build a blog. Shoaib was so kind to let me know that the links of the RSS feed point to the internal server rather than the public URL. If you are interested in the findings, what happened and...
  • Blog Post: Is a Copier Your Biggest Security Risk?

    Probably not. However, it indefinitely is a security risk. We are talking about this since a looooooong time as such copiers are sold since 2002. I just recently heard that the criminals are looking into this heavily and now it is even discussed publically on BCS News: Copy Machines, a Security Risk...
  • Blog Post: Why I do not like e-voting (part 3)

    It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security Roger
  • Blog Post: Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy

    As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide...
  • Blog Post: Safari to crash XP

    Not only that it is "forced" on the clients – it seems even to crash Windows XP machines: Safari 3.1 Crashes On Windows XP, Users Complain – and now I stop complaining Roger
  • Blog Post: Hacking the Human Body

    Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a great idea, I would be fairly reluctant having such...
  • Blog Post: How to do security in Development

    Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least J We have a set of short videos (3-10 min.) on how to address some security challenges in development: "How Do I?" Videos for Security And this time you can even download them in the...