Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - let's share interesting security information

  • Windows XP: The world after April 8, 2014

    To be clear upfront: After support for Windows XP ends, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles speculating about what is going to happen once we stop support of Windows...
  • Some Windows XP Users Can't Afford To Upgrade

    I just read a post on Slashdot: During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn't because she couldn't afford the $10,000 fee involved...
  • The Moscow Rules in the Cyberspace

    Doing your basics is a natural given, when you defend your assets. Basics like updating your computers, staying on latest versions, dynamic network zones, incident response, identity management, monitoring etc. etc. – last but not least (or probably first...
  • Careful, when Microsoft Support is calling

    I guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the "supporter"...
  • Microsoft Account: Enable Two-Step Verification

    We could even talk about two-factor authentication in my opinion. The idea is, that whenever you logon from an untrusted PC, you will be asked to use a second factor (or step). In my case, which I show below, I use the Authenticator app on my phone, which...
  • Making Sense from Snowden: What’s Significant in the NSA Surveillance Revelations

    I do not want to comment on this, but it is a fairly interesting article on Snowden's Revelations, the consequences and the legal frameworks. Definitely worth spending the time: Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations...
  • Will the user define security policies in the future?

    I think, I blogged about this event already earlier: Years ago I was meeting a customer and was talking about the future of IT. I was telling the audience (about 10 people including the Security Officer) that there is a good chance that IT will not define...
  • Paper: Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management

    As you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management. Here is the summary: Due to increased regulation...
  • Internet Accessible SCADA Systems

    This is a fairly scary view of the world…. Freie Universität Freiburg mapped the Internet accessible SCADA systems. Have a look on your own: https://www.scadacs.org/projects.html Roger
  • Enabling the Hybrid Cloud with Microsoft Technology

    When I talk with customers about the Cloud, we always talk about a few key themes: Identity: I am convinced that you need to be able to federate your identity from your on premise solutions to the cloud. You will want to control the process of decommissioning...
  • Security in 2013 – the way forward?

    Typically January is the month where we are asked to make predictions on the trends for the New Year. I do not like this as I am an engineer and not a fortune teller :-). But there are things we know and things we definitely need to drive this year. I...
  • Are we sitting on a time bomb?

    I just read another of these studies: Enterprises sitting on security time bomb as office workers compromise company data. Let's briefly look at the findings first: 38% of U.S. office workers admit to storing work documents on personal cloud tools...
  • Unique in the Crowd – False sense of Privacy

    This morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility. This is the abstract: We study fifteen months of human mobility data for one and a half million individuals and find that human...
  • Mitigating Pass the Hash Attacks

    In recent months, we have seen more and more targeted attacks against our customers. A lot of them use a technique called Pass the Hash. This led us to publish a paper, which explains Pass the Hash but, much more importantly, shows some fairly simple...
  • Targeted Attacks – a Video Series

    Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacks and how to defend. I would definitely urge you to listen to them and make sure you implement the...
  • Is there a future for Product Certifications?

    Often, when I talk to customers, product certification is one of the key themes they want to address. Especially they want to know about our commitment to Common Criteria and whether our products are certified. Typically we certify an operating system...
  • The Challenge of Patch Management

    Depending on where I travel and with which customers I talk, patch management is still the number 1 issue coming up. Not only is the challenge to deploy the updates – much worse, there is still an awareness issue in a lot of markets. People know that...
  • Cyber Espionage and Targeted Attacks

    This morning I read an article on Infoworld: Why you should care about cyber espionage which – to me – is a strange question. First of all, most companies have to protect some sort of intellectual property. It is not new for the Internet, that state-driven...
  • New book on Direct Access

    A lot of customers are asking us about Direct Access and how you can implement it. Erez Ben Ari (a Senior Support Escalation Engineer at Microsoft) and Bala Natarajan (a Program Manager in our Windows division) wrote a book on that called Windows Server...
  • An Attack via VPN – Really?

    I was just made aware of a case study, which is a really interesting "attack" on a US company via VPN. It is sometimes not like it seems… You should read this: Case Study: Pro-active Log Review Might Be A Good Idea Roger
  • Try Office 365 Home Premium

    Today is the day we launched Office 2013 officially to the broad market. This is a real cool step forward you should look at: Go to http://office.microsoft.com and give it a try. For only $8/year you get the ability to have it on up to 5 PCs or Macs...
  • The Directory in the Cloud?

    It seems that it is an eternity ago – and it is. Pretty much three years ago, Doug Cavit and I published a paper called the Cloud Computing Security Considerations. Even though it is three years, the paper is still worth reading as the content still...
  • Kaspersky Lab: Microsoft software products pretty darn secure

    What a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…). And now, I read such statement: Microsoft products...
  • Security Lessons from Star Wars

    Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars From applying security policies to DLP and effective user authentication, there are many infosecurity lessons to be learned from the classic...
  • The Future of Crime

    You should spend 15 minutes on this TED talk – really worth it!! http://youtu.be/7_OcyWcNi_Y Roger