Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

Related Posts
  • Blog Post: Announcing the Exploitability Index

    At Blackhat we announced an important change to our Security Bulletins becoming effective during the October release. One of the requests we often heard talking to our customers is that they would like to get better information on how hard it is to exploit a vulnerability. We will introduce an Exploitability...
  • Blog Post: On-Premise vs. On-Demand (or SaaS) – A Quocirca Report

    I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with Microsoft. It is not the kind of "new, what you never heard before"-thing but I personally think that it is a good investment of time to get an overview of Software as a Service and some additional views...
  • Blog Post: HP confirms vulnerabilities on 82 Laptop models.

    Remember this post: OEMs: Join in to "Secure by Default"? I wrote it in June… Now, HP just confirmed a vulnerability in their software delivered on 82 laptop models on all the different Windows versions: HP Quick Launch Buttons Critical Security Update. What about the Security Development Lifecycle...
  • Blog Post: Some Thoughts on UAC

    I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from April this year and is called UAC: Desert Topping...
  • Blog Post: Strong Authentication and Privacy – A Contradiction in Terms?

    You know that I am not a big fan of the requirement for having all Internet users authenticate strongly. There are people in the security arena who think that this is the only way to fight cybercrime – and in parallel accept that they would kill freedom of speech. I recently had a good discussion...
  • Blog Post: Six predictions for CIOs

    An interesting article by ISACA: Six predictions for CIOs . Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT operations become service-centric and business value...
  • Blog Post: We Need Solid and Strong Transparent Processes for the Cloud

    This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously. It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products...
  • Blog Post: CSI Report 2007 published

    You surely know the CSI-FBI Security report. FBI now pulled off and CSI did the study themselves. If you are interested in it – it is free but you have to register: http://gocsi.com/forms/csi_survey.jhtml Roger
  • Blog Post: “Creative Capitalism” by Bill Gates

    In the Wall Street Journal there is a preview of Bill's speech today at the World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time :-)). It is pretty interesting reading on new ways how capitalism could work not only for the rich but also for the poor. What I...
  • Blog Post: How to manage “Bring your own device”

    A few years back a customer’s CSO left the room when I said that this customer should start thinking about a scenario where selected users bring their own devices – he called me “nuts”. Well, I think the smartphone area proved me right. Basically the smartphones were the first Bring Your Own Device...
  • Blog Post: Are you ready for Unified Communications?

    Today, Bill Gates sent out a mail to roughly 300'000 subscribers of the Executive Mail . This time he does a recap of his Unified Messaging mail which he sent out in 2006 and gives an overview of the advances we had since then. To name just a few: Office Communicator 2007 and Office Communication Server...
  • Blog Post: Support for Law Enforcement and COFEE

    Over the last few weeks there has been a lot of chatter about a tool we provide in a Beta version to Law Enforcement called COFEE: Computer Online Forensic Evidence Extractor. Let me give you some information on COFEE and put it into the proper context. I am personally convinced that every company...
  • Blog Post: Symantec clears Vista on malware

    There is a nice article, where Symantec talks about Windows Vista: http://www.vnunet.com/vnunet/news/2184521/symantec-clears-vista-malware They quote the Symantec report and then talk to a person from Sophos. Let's look at a few quotes: Graham Cluley, senior technology consultant at Sophos ...
  • Blog Post: US Cybersecurity Research!

    The Department of Homeland Security published a report on A Roadmap for Cybersecurity Research. I was definitely impressed! All the themes which are important to me are in their list: Scalable trustworthy systems (including system architectures and requisite development methodology), Enterprise-level...
  • Blog Post: Common Criteria and answering the “real” questions

    It seems that I am not yet gone :-). Eric Bidstrup, a colleague of mine, wrote a great blog post about Common Criteria, where it does a pretty good job and where it fails. Basically he claims – and I could not agree more – that the customer "only" wants to know whether the operating system "is safe"....
  • Blog Post: Estonia’s Cyber Security Strategy

    Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that strong collaboration is needed between the different...
  • Blog Post: Microsoft Security Intelligence Report – What it means for EMEA

    “Unfortunately” I was on vacation when we released the Security Intelligence Report last week. Nevertheless I would like to take the opportunity and look at it more from an EMEA perspective. One of the interesting data points we always publish is the Malware Infection Rate. Remember, there is a...
  • Blog Post: Selling Vulnerabilities?

    Think about it: You found a way of breaking into my house (would not be too hard though, but let's just use this as an example) and you are selling this knowledge to intruders. Is this legal? Is this ethical? I mean, my home has vulnerabilities and if you discover an easy way to get in, are you really...
  • Blog Post: RSA Europe: Are you ready for security and privacy?

    Do you remember? In January 2002, Bill Gates sent a famous mail to all the Microsoft employees and announced Trustworthy Computing. Since then it became part of our DNA. The interesting thing to me is that the four pillars of TwC remained the same (except for pillar four, which we had to re-name)....
  • Blog Post: Bill Gates and the Gates Foundation

    There is an interview on MSNBC with Bill where the readers could actually send the questions. It is all about their foundation and pretty impressive to read: http://www.msnbc.msn.com/id/21212128/site/newsweek/ Roger
  • Blog Post: Microsoft has the shortest Security Update Development cycle

    Have you had a look at Symantec's latest Threat Report? It can be found here: http://www.symantec.com/content/de/de/about/downloads/PressCenter/ISTRXII_Main.pdf I briefly read through it and one statement caught my eye: Page 54: Of the five operating systems tracked in the first six months of 2007...
  • Blog Post: Fraud via Phone on the Rise

    FTC released their Consumer Sentinel Network Data Book for January – December 2010. The interesting and scary thing is that fraud via phone is on the rise. We get more and more complaints by customers as well, telling us that they got a call from “Microsoft” with the ask for getting access to the PC...
  • Blog Post: Renting a Botnet on eBay

    It is getting better over time: Now you can rent a Botnet on eBay to increase your hit rate on YouTube (By the way: Free shipping is included): http://cgi.ebay.com/Guaranteed-100-000-views-for-your-YouTube-video_W0QQitemZ220279609299QQcmdZViewItem?hash=item220279609299&_trkparms=72%3A1163|39%3A1...
  • Blog Post: More than a third of software is stolen

    BSA just released today a new piracy study and there are some remarkable facts in there: The worldwide weighted average piracy rate is 38%. The median piracy rate in 2007 is 61%. Think about the second point for a second: This means that in half of the countries they studied, the piracy rate is...
  • Blog Post: “The Security Business has no Future” (Quote by IBM)

    This is actually an interesting statement. If you have ever had to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolutely. Nevertheless, if you read the corresponding article on darkReading...