Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Announcing the Exploitability Index
At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is, that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability...
6 Aug 2008
On-Premise vs. On-Demand (or SaaS) – A Quocirca Report
I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of "new, what you never heard before"-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some additional views...
4 Jun 2008
HP confirms vulnerabilities on 82 Laptop models.
Remember this post OEMs: Join in to "Secure by Default" ? I wrote it in June… Now, HP just confirmed a vulnerability in their software delivered on 82 laptop models on all the different Windows versions: HP Quick Launch Buttons Critical Security Update What about the Security Development Lifecycle...
15 Dec 2007
Some Thoughts on UAC
I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
6 Oct 2008
Strong Authentication and Privacy – A Contradiction in Terms?
You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discussion...
17 Mar 2010
Six predictions for CIOs
An interesting article by ISACA: Six predictions for CIOs. Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT operations become service-centric and business value...
8 Apr 2011
We Need Solid and Strong Transparent Processes for the Cloud
This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously. It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
8 Jun 2010
CSI Report 2007 published
You surely know the CSI-FBI Security report. FBI now pulled off and CSI did the study themselves. If you are interested in it – it is free but you have to register: http://gocsi.com/forms/csi_survey.jhtml Roger
27 Sep 2007
“Creative Capitalism” by Bill Gates
In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time :-) ). It is a pretty interesting reading on new ways how capitalism could work not only for the rich but also for the poor. What I...
25 Jan 2008
How to manage “Bring your own device”
A few years back a customer’s CSO left the room when I said that this customer should start thinking about a scenario, where selected users bring their own devices – he called me “nuts”. Well, I think the smartphone area proved me right. Basically the smartphones were the first Bring Your Own Device...
10 Nov 2011
Are you ready for Unified Communications?
Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail. This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few: Office Communicator 2007 and Office Communication Server...
17 Oct 2007
Support for Law Enforcement and COFEE
Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
14 May 2008
Symantec clears Vista on malware
There is a nice article, where Symantec talks about Windows Vista: http://www.vnunet.com/vnunet/news/2184521/symantec-clears-vista-malware They quote the Symantec report and then talk to a person from Sophos. Let's look at a few quotes: Graham Cluley, senior technology consultant at Sophos ...
2 Mar 2007
US Cybersecurity Research!
The Department of Homeland Security published a report on A Roadmap for Cybersecurity Research, I was definitely impressed! All the themes, which are important to me are in their list: Scalable trustworthy systems (including system architectures and requisite development methodology) Enterprise-level...
15 Jul 2010
Common Criteria and answering the “real” questions
It seems that I am not yet gone :-). Eric Bidstrup, a colleague of mine, wrote a great blog post about Common Criteria, where it does a pretty good job and where it fails. Basically he claims – and I could not agree more – that the customer "only" wants to know whether the operating system "is safe"....
28 Dec 2007
Estonia’s Cyber Security Strategy
Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different...
8 Oct 2008
Microsoft Security Intelligence Report – What it means for EMEA
“Unfortunately” I have been on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from a EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
5 May 2010
Think about it: You found a way of breaking into my house (would not be too hard though but let's just use this as an example) and you are selling this knowledge to intruders. Is this legal? Is this ethical? I mean, my home has vulnerabilities and if you discover an easy way to get in. Are you really...
6 Feb 2007
RSA Europe: Are you ready for security and privacy?
Do you remember? In January 2002, Bill Gates sent a famous mail to all the Microsoft employees and announced Trustworthy Computing. Since then it became part of our DNA. The interesting thing to me is, that the four pillars of TwC remained the same (except for pillar four, which we had to re-name)....
23 Oct 2007
Bill Gates and the Gates Foundation
There is an interview on MSNBC with Bill where the readers could actually send the questions. It is all about their foundation and pretty impressive to read: http://www.msnbc.msn.com/id/21212128/site/newsweek/ Roger
11 Oct 2007
Microsoft has the shortest Security Update Development cycle
Have you had a look at Symantec's latest Threat Report? It can be found here: http://www.symantec.com/content/de/de/about/downloads/PressCenter/ISTRXII_Main.pdf I briefly read through it and one statement caught my eye: Page 54: Of the five operating systems tracked in the first six months of 2007...
26 Oct 2007
Fraud via Phone on the Raise
FTC released their Consumer Sentinel Network Data Book for January – December 2010. The interesting and scary thing is that fraud via phone is on the rise. We get more and more complaints by customers as well, telling us that they got a call from “Microsoft” with the ask for getting access to the PC...
10 Mar 2011
Renting a Botnet on eBay
It is getting better over time: Now you can rent a Botnet on eBay to increase your hitrate on YouTube (By the way: Free shipping is included): http://cgi.ebay.com/Guaranteed-100-000-views-for-your-YouTube-video_W0QQitemZ220279609299QQcmdZViewItem?hash=item220279609299&_trkparms=72%3A1163|39%3A1...
11 Sep 2008
More of a third of software is stolen
BSA just released today a new piracy study and there are some remarkable facts in there: The worldwide weighted average of piracy rate is 38% The median piracy rate in 2007 is 61% Think about the second point for a second: This means that in half of the countries they studied, the piracy rate is...
14 May 2008
“The Security Business has no Future” (Quote by IBM)
This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless, if you read the corresponding article on darkReading...
14 Apr 2008