See all products »
Curah! curation service
Microsoft Tech Companion App
Microsoft Technical Communities
Microsoft Virtual Academy
Server and Tools Blogs
TechNet Flash Newsletter
Cloud and Datacenter
Windows Server 2012 R2
System Center 2012 R2
Microsoft SQL Server 2012 SP1
Windows 8.1 Enterprise
See all trials »
Microsoft Download Center
TechNet Evaluation Center
Microsoft Virtual Academy
Free Windows Server 2012 courses
Free Windows 8 courses
SQL Server training
MCSA: Windows 8
Windows Server Certification (MCSE)
Private Cloud Certification (MCSE)
SQL Server Certification (MCSE)
Second shot for certification
Born To Learn blog
Find technical communities in your area
For small and midsize businesses
For IT professionals
For technical support
For home users
Microsoft Premier Online
Microsoft Fix It Center
Security Bulletins & Advisories
International support solutions
Log a support ticket
Not an IT pro?
Microsoft Customer Support
Microsoft Community Forums
Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Chief Security Advisor
Critical Infrastructure Protection
Freedom of Speech
Securing My Infrastructure
Security Intelligence Report
Browse by Tags
Roger's Security Blog
On-Premise vs. On-Demand (or SaaS) – A Quocirca Report
I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of "new, what you never heard before"-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some additional views...
4 Jun 2008
Security Advisory on the recent Internet Explorer Vulnerability
I guess you might have seen it by now but if not, please make sure you read and understand the material available: This night we released a Security Advisory on a Vulnerability in Internet Explorer Could Allow Remote Code Execution . The reason for that is that our investigations have shown that this...
15 Jan 2010
Open Government Data Principles
In December about 30 government advocates assembled to decide on - what they called - Open Government Data Principles. Even though the group was very US focused (if you look at the list of participants ), the outcome is very interesting. I quote the main page of the working group : By embracing the eight...
27 Mar 2008
Some Thoughts on UAC
I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
6 Oct 2008
Spotlight – The coolest online event platform
You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Sliverlight . But now let's really talk about Spotlight...
1 Nov 2007
Why Apple has to fix the Safari flaw
Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to responsible disclosure of vulnerabilities: And then, what does the vendor do with it? Does the company act on it? Now, we can debate on what a vulnerability is and what not. Personally I am convinced...
30 May 2008
We Need Solid and Strong Transparent Processes for the Cloud
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
8 Jun 2010
Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger
1 Jan 2008
Are you ready for Unified Communications?
Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail . This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few: Office Communicator 2007 and Office Communication Server...
17 Oct 2007
Securing My Infrastructure: Introduction
As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that you would like to get more information how to...
29 Jan 2008
Risks in Online Calendar Sharing
Do you know that scenario: My wife would like to fix a meeting and should have access to my calendar. I am not available, therefore she cannot just call me but - again - she should see my availability. Not uncommon, isn't it? A typical solution for this: I have to run two calendars, one for business...
25 Apr 2007
The “successful” attack on Cardspace
I guess you read it as it was pretty wide-spread in the press in the last few days: On the Insecurity of Microsoft's Identity Metasystem CardSpace . Well, is there any official Microsoft reaction to it? No, not yet and if you look a little bit more in depth into it, I doubt that there will be. Why...
2 Jun 2008
Insight into IPSec
I hope you enjoyed Christmas as much as I did (now working on losing weight again J ). Soon I will be in the mountains but before I leave, I found something pretty interesting to read: Tech Insight: Microsoft's IPSec Roger
27 Dec 2007
Microsoft Security Intelligence Report – What it means for EMEA
“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
5 May 2010
Analysis of recent vulnerabilities
Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent Symantec and IBM vulnerabilities, giblets, banned...
5 Jan 2008
Want to check your Up- and Download-Speed
I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: http://www.speedtest.net Roger
15 Nov 2007
Mandatory Keyloggers in Cyber Cafes
It is pretty well-known that there is a high risk of keystroke loggers in Cyber Cafés. That they are declared mandatory in a country however is pretty tough stuff: http://yro.slashdot.org/firehose.pl?id=281251&op=view Roger
11 Sep 2007
Microsoft Advisory for Safari Flaw
I posted yesterday on the Safari flaw ( Why Apple has to fix the Safari flaw ) as Apple did not acknowledge that this is a security vulnerability. Unfortunately we had now to release an advisory for this as we started to see that the bad guys could use this "feature" to attack machines – we are calling...
31 May 2008
Learnings on Publishing SharePoint on ISA Server
Here Blogging on MOSS 2007 (SharePoint) I talked about the way I use SharePoint and a Codeplex application to build a blog. Shoaib was so kind to let me know that the links of the RSS feed point to the internal server rather than the public URL. If you are interested in the findings, what happened and...
20 May 2008
Is a Copier Your Biggest Security Risk?
Probably not. However, it indefinitely is a security risk. We are talking about this since a looooooong time as such copiers are sold since 2002. I just recently heard that the criminals are looking into this heavily and now it is even discussed publically on BCS News: Copy Machines, a Security Risk...
26 Jun 2010
Why I do not like e-voting (part 3)
It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security Roger
5 Oct 2008
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy
As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It is a first part of a very good step-by-step guide...
14 Oct 2008
Safari to crash XP
Not only that it is "forced" on the clients – it seems even to crash Windows XP machines: Safari 3.1 Crashes On Windows XP, Users Complain – and now I stop complaining Roger
26 Mar 2008
Hacking the Human Body
Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a great idea, I would be fairly reluctant having such...
27 May 2010
How to do security in Development
Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least J We have a set of short videos (3-10 min.) on how to address some security challenges in development: "How Do I?" Videos for Security And this time you can even download them in the...
2 Apr 2008
© 2014 Microsoft Corporation.
Privacy & Cookies