It is probably the most important and known encryption device ever: The Enigma – the machine that had a strong influence on WWII. Now you can buy your Enigma on e-bay: http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=270146949978 Roger

If you are working with Microsoft and security you definitely know him – Stephen Toulouse one of the long-term people you know from Microsoft's security units. He worked within the Microsoft Security Response Center as one of our key spokespersons and...

I love that one: Somebody sends e-mails to Hotmail users that their account would expire and they should renew it – the attacker gets UserID/Password… Then a mail is sent on behalf of the user to their friends to tell them that they are stuck in Nigeria...

Isn't it true? Don't we always say that there is a PICNIC problem (Problem in Chair, not in Computer)? When we talk about security we often talk about the user – and this is right so. But do we always give the user what he needs to protect their information...

We, being security professionals, are often "just" looking for the most secure way to implement a certain task. Often we tend to forget the user when we implement these measures. I once visited a customer showing me their ultimately secure solution to...

Often the Small and Medium Businesses do not have IT resources available and it they have, the person is a IT Generalist. We try to help these kind of people to get structured and organized around the core security challenges. Therefore we published yesterday...

Looking at my father's PC I always faced the same problem: I wanted to give him a solution that actually took care of his PC without having me too often involved J . Some time ago, we had some particular solutions: Backup (use the backup in Windows...

I blogged about three important announcements we made a few months ago ( http://blogs.technet.com/rhalbheer/archive/2007/04/25/three-microsoft-announcements.aspx ). The different malware teams are ramping up heavily and I am looking forward to working...

I wrote several times already about responsible disclosure and irresponsible disclosure. My point on that is clear: Every vendor has to have transparent and clear processes to handle vulnerabilities. These processes ensure that there will be a timely...

There were recently different articles about crime on SecondLife . What is interesting to me is that a lot of these started to express their surprise.In certain blogs I read statements like: SecondLife is so cool, how could somebody even think of this...

Before I actually start with content, let me briefly give you some background: I took the role of the Chief Security Advisor (CSA) in EMEA (Europe, Middle East and Africa) after having been 5 years the CSA in Switzerland. I went through all the nice challenges...

Jeff just posted his next version of the Windows Vista Vulnerability report to his blog. He is now looking at the first six months of Windows Vista and how the vulnerabilities developed compared to Windows XP and some other Operating Systems. Happy...

I recently purchased a PC for my parents and then started to install it – well actually used the OEM installation to get it up and running with Windows Vista Home Premium. I was pretty surprised how easy it was to actually have a running system (I usually...

ITU just launched a pretty interesting portal: If you were ever looking for a standard in the security space (not only ITU standards) go and see this portal: ICT Security Standards Roadmap Roger

Last week the first Digital Phishnet Conference in Europe took place in Berlin. Basically Digital Phishnet is an initiative to help to exchange information about Phishing-Sites in order to help enforcement. This is the core mission: Supporting Law Enforcement...

Every once in a while I am left scratching my head. Over the last few days a few blog postings have popped up on a subject and I am at a loss to understand why. I’m not the only one – several security industry colleagues have been in touch and have said...

It happens again: There seems to be a faked message giving users the impression that we are sending it out taking into account that it is “Update Tuesday” tomorrow. And they are still successful! Just to stress it once again: We are never, never, never...

A pretty interesting article about a guy trying to find a network compromise - he actually did, knowing that there is close to no chance to find the criminal behind the attack. By the way, the criminal only got access to two years worth of credit card...

Actually I did not want to blog about this, but when I read this article, I had to. This is a quote from an article written in 1987 making people predict the future - 2007. Look at Bill's prediction and enjoy: http://blog.seattlepi.nwsource.com/microsoft...

I recently blogged about three major announcements we made: http://blogs.technet.com/rhalbheer/archive/2007/04/25/three-microsoft-announcements.aspx On that I got some comments (public and private) and some wishes. Thank you all forthis feedback. I...

Recently during an event at a University, I had the pleasure to participate in a panel discussion and it did not take too long until I was heavily in disagreement with the professors there. The reason? It became a discussion around consumer security and...

Over the last few months it became evident: The attacks are moving up the stack. We see less and less attacks on the operating systems but much, much more on the application. This is a trend that was basically predicted and unfortunately in this case...

Over the last few years, often when I met customers I asked them several question: Are you happy with our monthly Security Update rhythm? How do you see the quality of the Security Updates? Any feedback to the Security Bulletins? Often...

This week I am staying on the Campus in Redmond for internal meetings. By accident it happened to me that our Bluehat briefings are taking place and I had a chance to attend the Executive Day this afternoon. If you want to know more about Bluehat, visit...

Michael Howard did a very good analysis of the ANI vulnerability and showed what we learned and where we will improve SDL (the Security Development Lifecycle). He posted that on our new SDL bog: http://blogs.msdn.com/sdl/archive/2007/04/26/lessons-learned...