Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

September, 2006

  • Symantec's Plea : Protect our Protection Racket

    I must emphasize that these are my thoughts as an individual and do not necessarily reflect those of Microsoft, or MSN, or any of the teams I happen to work with. While some of the notions in this article may be provocative, they are consistent with my charter of provoking thoughtful discussions and looking at issues from different angles. I've been reading the public rhetoric from Symantec concerning Windows Security Center like, Symantec Calls Out Microsoft Over Vista Security Center, where they...
  • Real Life Protection! IE7 on Vista

    Happy day, if you get this dialog box: This screenshot comes from ZDNet article Vista passes one security test that points out some of the benefits of the multiple levels of security in IE7 and Windows Vista, with respect to the zero day issue warned about in and Microsoft Security Advisory and fixed yesterday with MS06-055. My favorite quote is this: Now, it's important to note that the developers of IE7 clearly had no idea that this vulnerability existed in IE6. But their development...
  • Ubuntu 6.06 LTS (Dapper Drake) - 90 Day Security Vulnerability Scorecard

    Based upon Debian, Ubuntu has cool release names like "Warty Warthog", "Hoary Hedgehog", "Breezy Badger" and "Dapper Drake" and is certainly the current fair-haired Linux. Warty Warthog, aka Ubuntu 4.10, was the first release in October 2004. Dapper Drake, released on June 1 of this year, added Ubuntu to the ranks of Enterprise Linux with Ubuntu 6.06 LTS (Long Term Support), committing to supporting that "snapshot" of components for 3 years on the desktop version and 5 years on the server. In comparison...
  • What If? The First Days of a Security Enhanced OS ...

    This story is especially dedicated to all the new IT Pro friends I met in Budapest this past week. I had meant to share this story with you, but it got squeezed out by more important discussions... With the Windows Vista release drawing more near each week, I've been thinking back to the release of Windows Server 2003, which had been through the earlier version of the SDL and was expected to improve security for customers quite a bit. Of course, it was inevitable that vulnerabilities would eventually...
  • Stepto Has *not* Left the Building

    Not building 27, nor the security team, that is. A couple of days ago, I'm on the phone with a colleague from another group, who says "hey, I heard, Stepto (aka Stephen Toulouse) is leaving the STU to join the Windows Vista team." I said, "err... I don't think so." So he sent me a link to this story: MS Security Manager Joins Vista Team. They even point to his blog where he supposedly says this. So, I went and looked and he actually says he's taking a "new opportunity" that is "a broader role...
  • New Firefox (sort of) Available

    I had heard that the Firefox update would be coming out last week, then I heard the 12th and then I heard the 14th. Looks like it is out on the ftp server now: ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/1.5.0.7/win32/en-US/Firefox%20Setup%201.5.0.7.exe , but they're not yet pointing to it on the FF site, http://www.mozilla.com/firefox/ . I've been wanting to dig into browser security and vulnerabilities, so I'm looking forward to the official release of this, along with an update to...
  • Mozilla Chief Security Something-or-Other

    Well, I've had a busy couple of weeks, including selling a house, buying a house and moving - which didn't leave much free time for blogging, so I am a bit behind on current events. So, let me start the catch-up with a human interest post. Window Snyder, a former colleague and all around great security professional has joined the Mozilla team. According to my LinkedIn connection, she is the Chief Security Something-or-Other at Mozilla. I've seen that title referred to a couple of times, so it...