Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

  • Real Physical Security

    I saw this this morning – have a great weekend: Roger
  • The Windows 7 UAC “Vulnerability”

    It is always interesting how some things spin off. The claimed UAC vulnerability in Windows 7 is one of those events. There are numerous blogs which claim that they found a huge vulnerability in Windows 7. The reason for that is that you can change the...
  • Google Chrome and Silent Patching

    This morning I opened one of the Swiss Sunday newspapers and Google Chrome made it to the front-page with a “best practice approach” for deploying security updates. In the article itself it was claimed that Chrome is one of the best browsers with regards...
  • Russian Roulette with your Network

    First of all, before I really start, I hope that you all had a great start in 2009. Mine was actually pretty mixed. The good side was how my year really started and what I saw when I looked out the window on January 1st (yes, I was on vacation skiing...
  • 10 Reasons to migrate off Windows XP

    I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized...
  • Additional Information on Conficker – MSRT removing Conficker

    Over the last few days I blogged several times about Conficker and some of the posts caught quite some press attention. Especially when I talked about the Russian Roulette. Today I have very, very good news: The Malicious Software Removal Tool (MSRT...
  • Microsoft Diagnostics and Recovery Toolset

    Well, we call it simply DaRT. You know the feeling: A machine does not boot anymore, crashed, has a virus you cannot clean with the OS in a running state or any of the other nightmare scenarios in daily operations of computers. Since quite some time there...
  • The Value of Operating System Comparisons

    Since Blaster/Slammer, namely since the start of Trustworthy Computing, I have been working at Microsoft in a publicly facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted...
  • Why Windows 7 XP Mode makes sense from a security perspective

    I have to admit: When I first learned about Windows 7 XP Mode I was quite surprised. How can we actually ship an XP Virtual Machine with Windows 7? Well, then I started to think (no, it did not hurt too much)… But before I share my findings with you,...
  • Some Windows XP Users Can't Afford To Upgrade

    I just read a post on slashdot : During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn't because she couldn't afford the $10,000 fee involved...
  • Sun and Apple Updates – A Sheer Nuisance!!

    As you all know: I rarely blog on competitors and – even rarer – blog about them negatively. But this time I definitely had to: Like most of us, I have QuickTime on my PC as well as a Java VM. I know that there are alternatives for this software and the...
  • How to Hack Windows Vista

    No, no. For sure. I am not going to give you advice on how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html . I am always amazed about these kinds of videos, which still surprise people. If look years back...
  • Only the Easiest Way is the Secure Way

    We, being security professionals, are often "just" looking for the most secure way to implement a certain task. Often we tend to forget the user when we implement these measures. I once visited a customer showing me their ultimately secure solution to...
  • Windows XP: The world after April 8, 2014

    To be clear upfront: After support for Windows XP ends, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations about what is going to happen once we stop support of Windows...
  • Hacking on the plane: who has jurisdiction?

    Wow, that's an interesting question: Let's say a Canadian flies from New York to Tokyo on Korean Air and hacks the German tourist's computer seated in front of her while over the Pacific. Whose laws apply? (Canada, US, Japan, Korea, Germany?) I mean...
  • Cloud computing providers: Clueless about security?

    To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but at the same time losing customer data. Sony’s game network being...
  • I was visiting Nigeria – watch out!

    You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I will be travelling to Nigeria I got...
  • More than 490’000 Database Server unprotected on the Web

    David Litchfield ran a scan on the Internet for the typical SQL Server and Oracle ports. It is unbelievable that he found approx. 490'000 servers on the Internet – unprotected and often un-patched. On unsupported version levels, on unsupported Service...
  • What is more important: Security or Privacy?

    This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that...
  • Some Thoughts on Today’s Bulletins

    As always: It is the second Tuesday of the month and we released the Security Updates. However, this month is special from one perspective: We released an update for the DNS resolver, which is released simultaneously by a lot of DNS vendors with the...
  • Comments on US-CERTs Advisory on Auto-Run

    You might have seen the advisory of the US-CERT titled Microsoft Windows Does Not Disable AutoRun Properly – if not, you will definitely have seen one of the articles covering this issue and telling you that our advice on how to prevent Conficker is flawed...
  • “Black Screen of Death” Reports

    Oh, wow – sometimes the power of social media, the blogs and the Internet can backfire. I guess in the meantime you have seen the claims by Prevx that approx. 80 Mio of PCs are affected by the Black Screen of Death problems supposedly caused by our November...
  • Hacking the Human Body

    Years ago I was sitting in a healthcare event, when a researcher was talking (very excited) about the idea of having a pacemaker with Bluetooth access to fine-tune the system and read information from the sensors. Even though this might medically be a...
  • Both Sides of the Windows 7 UAC Problem

    I have to come back to the UAC problem again. I just read a good article from Larry Seltzer on eWeek.com: Both Sides of the Win7 UAC Problem. I think it is one of the first ones I read which takes the emotions out of the discussion and tries to understand...
  • Is there a Correlation between Stolen Software (Piracy) and Security/Patching?

    Remark: A few weeks ago I made a post where I asked you about the correlation between Piracy and Security. I was talking about Piracy (stolen software) and got a lot of answers about Privacy (Data Protection). So the following post is about stolen and...