Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Tags

Browse by Tags

TechNet Blogs » Roger's Security Blog » All Tags » technology
Related Posts

  • Blog Post: Is a Copier Your Biggest Security Risk?

    rhalbheer
    Probably not. However, it indefinitely is a security risk. We are talking about this since a looooooong time as such copiers are sold since 2002. I just recently heard that the criminals are looking into this heavily and now it is even discussed publically on BCS News: Copy Machines, a Security Risk...
    on 26 Jun 2010

  • Blog Post: We Need Solid and Strong Transparent Processes for the Cloud

    rhalbheer
    This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
    on 8 Jun 2010

  • Blog Post: Hacking the Human Body

    rhalbheer
    Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a great idea, I would be fairly reluctant having such...
    on 27 May 2010

  • Blog Post: Microsoft Security Intelligence Report – What it means for EMEA

    rhalbheer
    “Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
    on 5 May 2010

  • Blog Post: Security Advisory on the recent Internet Explorer Vulnerability

    rhalbheer
    I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
    on 15 Jan 2010

  • Blog Post: Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy

    rhalbheer
    As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide...
    on 14 Oct 2008

  • Blog Post: Some Thoughts on UAC

    rhalbheer
    I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
    on 6 Oct 2008

  • Blog Post: Why I do not like e-voting (part 3)

    rhalbheer
    It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security Roger
    on 5 Oct 2008

  • Blog Post: On-Premise vs. On-Demand (or SaaS) – A Quocirca Report

    rhalbheer
    I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of "new, what you never heard before"-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some additional views...
    on 4 Jun 2008

  • Blog Post: The “successful” attack on Cardspace

    rhalbheer
    I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
    on 2 Jun 2008

  • Blog Post: Microsoft Advisory for Safari Flaw

    rhalbheer
    I posted yesterday on the Safari flaw ( Why Apple has to fix the Safari flaw ) as Apple did not acknowledge that this is a security vulnerability. Unfortunately we had now to release an advisory for this as we started to see that the bad guys could use this "feature" to attack machines – we are calling...
    on 31 May 2008

  • Blog Post: Why Apple has to fix the Safari flaw

    rhalbheer
    Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to responsible disclosure of vulnerabilities: And then, what does the vendor do with it? Does the company act on it? Now, we can debate on what a vulnerability is and what not. Personally I am convinced...
    on 30 May 2008

  • Blog Post: Learnings on Publishing SharePoint on ISA Server

    rhalbheer
    Here Blogging on MOSS 2007 (SharePoint) I talked about the way I use SharePoint and a Codeplex application to build a blog. Shoaib was so kind to let me know that the links of the RSS feed point to the internal server rather than the public URL. If you are interested in the findings, what happened and...
    on 20 May 2008

  • Blog Post: How to do security in Development

    rhalbheer
    Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least J We have a set of short videos (3-10 min.) on how to address some security challenges in development: "How Do I?" Videos for Security And this time you can even download them in the...
    on 2 Apr 2008

  • Blog Post: Open Government Data Principles

    rhalbheer
    In December about 30 government advocates assembled to decide on - what they called - Open Government Data Principles. Even though the group was very US focused (if you look at the list of participants ), the outcome is very interesting. I quote the main page of the working group : By embracing the eight...
    on 27 Mar 2008

  • Blog Post: Safari to crash XP

    rhalbheer
    Not only that it is "forced" on the clients – it seems even to crash Windows XP machines: Safari 3.1 Crashes On Windows XP, Users Complain – and now I stop complaining Roger
    on 26 Mar 2008

  • Blog Post: Securing My Infrastructure: Introduction

    rhalbheer
    As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to...
    on 29 Jan 2008

  • Blog Post: Analysis of recent vulnerabilities

    rhalbheer
    Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent Symantec and IBM vulnerabilities, giblets, banned...
    on 5 Jan 2008

  • Blog Post: IPSec Interop

    rhalbheer
    Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger
    on 1 Jan 2008

  • Blog Post: Insight into IPSec

    rhalbheer
    I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
    on 27 Dec 2007

  • Blog Post: Want to check your Up- and Download-Speed

    rhalbheer
    I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: http://www.speedtest.net Roger
    on 15 Nov 2007

  • Blog Post: Spotlight – The coolest online event platform

    rhalbheer
    You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight . But now let's really talk about Spotlight...
    on 1 Nov 2007

  • Blog Post: Are you ready for Unified Communications?

    rhalbheer
    Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail . This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few: Office Communicator 2007 and Office Communication Server...
    on 17 Oct 2007

  • Blog Post: Mandatory Keyloggers in Cyber Cafes

    rhalbheer
    It is pretty well-known that there is a high risk of keystroke loggers in Cyber Cafés. That they are declared mandatory in a country however is pretty tough stuff: http://yro.slashdot.org/firehose.pl?id=281251&op=view Roger
    on 11 Sep 2007

  • Blog Post: Risks in Online Calendar Sharing

    rhalbheer
    Do you know that scenario: My wife would like to fix a meeting and should have access to my calendar. I am not available, therefore she cannot just call me but - again - she should see my availability. Not uncommon, isn't it? A typical solution for this: I have to run two calendars, one for business...
    on 25 Apr 2007
© 2013 Microsoft
|