This paper by the Geneva Centre for the Democratic Control of Armed Forces (DCAF) was just brought to my attention. A piece of work, which is definitely worth working through. It lays out the problem space and then does a deep dive into the different...

An interesting article by ISACA: Six predictions for CIOs . Here they are: Prediction 1: Cloud computing is here to stay and will become business as usual. Prediction 2: Virtualization will be a catalyst that drives IT modernization. Prediction 3: IT...

This is one of the rare more private posts on this blog and this time has nothing to do with security at all. Since ages one singer was always part of my wife’s and my live: Chris de Burgh. And even if it is uncool in our kid’s world, they love him and...

On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+. Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate . A great job...

That’s really interesting: Impressive! Roger

A few years ago, I wanted to run an exercise with our incident response team in Switzerland. A customer, the government and me came together to develop the goals and the scenario. One of the key question we tried to answer together with the university...

A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes: Get to know the security update release process Learn how to evaluate risk...

It is kind of strange: I worked with some kids on Tuesday on online safety challenges and mainly we talked about Facebook, Netlog, Twitter etc. We had a lot of very good discussions with them about how to protect your privacy Tonight we will talk to the...

Forbes posted: The World's Most Ethical Companies . I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World's Most Ethical Companies. The selection, open to every company in every industry around...

You know that we are trying to get rid of outdated versions of IE like IE6: IE6 Countdown–Migrate to IE8 (or IE9) – as we released IE9 to the web, it is not about moving to IE8 or IE9 but moving to Internet Explorer 9. If you want to know more about IE9...

It seems that RSA got attacked and might have lost some information. They actually took a really courageous step and went public and the Executive Chairman wrote an open letter . To quote: While at this time we are confident that the information extracted...

My manager was on the Tokyo airport, when the earthquake started. We had a chat yesterday about this – he is back home in the meantime – and he told me that he was very surprised that, while the phone network broke Internet still worked and he was able...

FTC released their Consumer Sentinel Network Data Book for January – December 2010 . The interesting and scary thing is that fraud via phone is on the raise. We get more and more complaints by customers as well, telling us that they got a call from “Microsoft...

10 years ago a browser was born. Its name was Internet Explorer 6. Now that we’re in 2011, in an era of modern web standards, it’s time to say goodbye. We all know that Internet Explorer 6 is outdated and that you should move away...

Botnets are one of the toughest problems in the world of Cybercrime today. At least, this is what we think… ENISA just published an interesting paper called Botnets: 10 Tough Questions , which raise questions about e.g. the size of botnets or better the...

You might have seen this experiment but it is absolutely astonishing. A guy called Andy from Scotland tested the upgrade path from Windows 1 through to Windows 7. 10 minutes worth investing if you want to get some nostalgic feelings: Here is the original...

I just read this article on Google pulling 50 applications from their Android marketplace ( Google uses remote delete to remove Android apps from smartphones – Update ). A very good decision as these apps leverage an exploit to access user data. However...

It is a repeating pattern but not the less disgusting. Whenever bad things happens on the globe, the criminals are not far. This happened during hurricane Katrina, the tsunami in Indonesia, the earthquake in Haiti and now, not surprisingly in Libya as...

I just got this from a friend of mine: European heaven : You are invited to an official dinner. The English welcomes you, the French is cooking, the Italian is making the show and the event is organized by the German. European hell: You are invited to...

You might have heard that we will ship an update for Windows Phone 7 soon. Yes, with some new functionality, I am waiting for as well. In the next few days we update the update mechanism to make the delivery for the next version smoother. The interesting...

Just a reminder: I am slowly consolidating my blog to http://www.halbheer.info/security . So, if you still read this, I would appreciate you moving over as I do not want to lose you as a reader Thank you Roger

A new version of this guide went live – I think something, you should look at. There is a methodology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger

Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks : I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too worried...

Microsoft Malware Protection Center published a document on Battling the Zbot Threat , a special edition of the Security Intelligence Report . It is a very good document, worth looking at. This is the intro (to make you curious for more): This document...

It kind of reminds me of someone – but whom? Roger source: Dilbert website