Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Related Posts
  • Blog Post: Fight against Terror and how it can be abused

    I am not completely clear how much a lot of the measures we see (like the fluid restrictions on planes, the forced violation of privacy laws by airlines by having to transmit PII to the US, ...) really bring. On the other hand we definitely see some pretty weird things happening as any suspicion seems...
  • Blog Post: Analysis of the Estonian Attacks

    I just read a paper on the political analysis of the Estonian Attack. If you are interested in reading my post on my other blog (as the analysis is not really technical but interesting) there you go: Analysis of the Estonian Attacks Roger
  • Blog Post: How critical are the Undersea Cables?

    OK, I think I need to take this up a little bit as well. Let's look into what happened over the last few days. I think up to now we ended up with five cables cut in the Middle East. So, there are a lot of theories who was actually damaging those cables. The best one comes from WSJ :-) But there were...
  • Blog Post: Rumors about Cyber-Terror Attack, November 11th

    This is an interesting phenomenon on the Internet: There is one source publishing the statement that they picked up an Internet announcement by Al Qaeda that they will start a cyber attack on November 11th: DEBKAfile Exclusive: Al Qaeda declares Cyber Jihad on the West. From there on the blogosphere...
  • Blog Post: What is more important: Security or Privacy?

    This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that actually violate the privacy laws in Europe. So...
  • Blog Post: How long does it take to hack a Power Plant?

    I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler telling the audience that they had the job to do...
  • Blog Post: DHS Security Level on your Webpage

    A blog reader sent me a mail informing me that he wrote a small application that links the DHS security level to your webpage. I added it to my news section and it looks pretty interesting. If you want to do that as well, here is the link: http://www.milestactical.com/hlsa.html Thanks to Justin Hofer...
  • Blog Post: Was the plane crash caused by hackers?

    If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which happens to me pretty often): There are reports that the plane crash last week could be caused by hackers attacking the plane before take-off in Beijing…. Al-Qaida ties to British crash probed Roger
  • Blog Post: How likely is “Cyberterrorism”?

    If I am honest: I am probably the wrong one to answer this question. I am a security guy and not a terror specialist and the last thing I want to do is add just another useless blog post saying that it is extremely likely that the terrorist will soon bring down the Internet. However, there are good sources...
  • Blog Post: Cyber Security: The Road Ahead

    This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different sections: Governments Legislative Bodies The Armed...
  • Blog Post: How to circumvent Privacy Laws

    As you all know, most jurisdictions allow individuals to ask for data collected by an organization (being it a company or a governmental organization). A lot of countries have Data Protection Commissioners that look into what companies and more often governments do with regards to PII (Personal Identifiable...
  • Blog Post: Analysis of the cyber-capabilities of AlQaeda

    I blogged already several times about Cyber-Terrorism. I think it is important to try to keep the pulse of these developments and to understand what the terrorists are capable of doing. There is an article about a recent event, where somebody tried to gain information about certain devices that ware...
  • Blog Post: Publishing Secret or Sensitive Information

    With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A discussion I do not want to comment here, as I am not...
  • Blog Post: SANS Commits $1 Million to Fight Cybercrime in Developing Countries

    You know that I criticize SANS from time to time. Especially when it comes to their handlers, I am convinced that they are creating the problem rather than solving it. This time I have to say that I am impressed as they are helping developing countries to help to fight Cybercrime. This is as "we are...
  • Blog Post: After Estonia now Kyrgyzstan

    There is definitely proof that during war times, armies add a virtual component to the “real life” war. Additionally we have seen the attacks to Estonia, where nobody really knew where they originated from (I do not mean the country but whether a government was behind them or just a group of hackers...
  • Blog Post: Analysis of Cyber-Terror

    The US Military just released a pretty interesting in-depth article on Cyber-Terrorism and the different aspects of it. Even though it has a little bit more than 40 pages, it is worth reading: Cyber Operations and Cyber Terrorism Roger
  • Blog Post: Paper on Information Warfare

    I often see a lot of discussions on Information Warfare. Today I just stumbled across a paper published by RAND called Strategic Information Warfare – A New Face of War – from my first impression definitely worth reading Roger
  • Blog Post: Is this the Cyberwar?

    This is a pretty difficult question to answer, isn't it? Let's just think of a few events that happened in the last few months, according to the press: December, 2006: China suspected to hack Navy site (fcw.com) May 2007: Denial of Service Attacks on Estonia (News.com, Computerworld, …) June...
  • Blog Post: 2-year old terrorist

    Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog on this (you find the article about an insecure TSA-website here) but then I drilled into the comments and there is one that actually shocked me (well, no, this is wrong it did not even surprise me but...
  • Blog Post: How much it takes to get on the No-Fly List

    I questioned the value of No-Fly lists since quite a while as I read all these stories about how people get on the list but this is kind of the strangest story I ever heard. A UK Immigration officer put his own wife on the No-Fly list as he wanted her to stay in the US – their marriage was kind of challenged...
  • Blog Post: Terrorism and the Internet

    Since a long time (at least 9/11) there is a lot of discussion about the way terrorists use/will use the Internet. It is clear that the Internet is used for publicity and communication. There are experts saying that the Internet itself will not be a target for an attack for terrorists because of this...
  • Blog Post: Critical Infrastructure Protection - Live

    Department of Homeland Security did a simulation what could happen if a hacker gains access to crucial parts of an electrical grid. The video was marked "Official Use Only" but seems to have leaked to The Associated Press. They then made themselves a small video. See some articles: The Raw Video...