Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

March, 2011

  • Photo Gallery: Arrival to RSA 2011

    For those who didn’t make it down to San Francisco this year, I took a series of photos to share the experience. While each year is similar in some ways to the previous ones, the theme always stands out – and this year it was Alice and Bob, who were joined by Malicious Mallory in red, representing the concept of the malicious attacker trying to get between Alice and Bob. Back in 1978, the developers of the RSA algorithm for public key signing and encryption introduced...
  • Security Week in Review: March 4, 2011

    Trending Security News: Mark this phrase – “trusted supply chain.” It is not in Wikipedia yet, but it is an important discussion point for managing cybersecurity and risk that looks at the question of where your software came from and who touched it before it was deployed on your platforms. There were a few stories this week that go directly to this issue in a way that people have personally experienced. Google removes 21 apps infected with malware from its Android Market...
  • Microsoft Security Bulletins – March 2011

    Today, the Microsoft Security Response Center released three bulletins addressing four vulnerabilities in Microsoft Windows and Microsoft Office. One bulletin is rated Critical, and this is the bulletin we recommend for priority deployment: MS11-015. This bulletin resolves one Critical-level and one Important-level vulnerability affecting certain media files in all versions of Microsoft Windows. It has an Exploitability Index rating of 1. Due to the nature of the affected software, this bulletin...
  • Take Action: The IE6 Countdown

    The Internet Explorer 6 Countdown has begun. Internet Explorer 6 was released in August of 2001, even before Windows XP. To give perspective on this 10-year-old technology, let’s look at some comparisons.

    If you use 10-year-old technology …    You would be using …
    Internet Explorer                      Internet Explorer 6
    Mac OS X                               Mac OS X “Cheetah” 10.0
    Red Hat                                Red Hat Linux 6.2 “Zoot”
    Photoshop                              Photoshop 6.0 “Venus in Furs”
    iPod                                   nada – not yet released

    It is time to move on.

    Join the cause: We know that web developers...
  • Welcome Security Blogger Kevin Sullivan

    As I wrote in February (Changes Coming to blogs.technet.com/security), we’re expanding the scope of the Microsoft Security Blog to include a broader set of contributors. I’d like to introduce you to Kevin Sullivan, a Senior Security Strategist in our Trustworthy Computing group. Kevin is currently focused on realizing Microsoft’s Collective Defense for Internet Health proposal including leading botnet cleanup operations with the Microsoft Digital Crimes Unit, building ecosystem support,...
  • ENISA Reports on Fighting Botnets

    Over the past year, we have been looking at how to apply concepts from public health to address internet security. Last week I noticed two new reports published by the European Network and Information Security Agency (ENISA) on the topic of botnets. The reports make a key observation that “research on botnets is the key to analyzing, understanding and finally mitigating botnets.” Like the amazing breakthroughs that scientific research has made possible in fighting human diseases, protecting our information...
  • Microsoft Takedown of Rustock Botnet

    Yes, now that the court has unsealed the case, Microsoft can comment on the takedown of the large, notorious and complex botnet known as Rustock. This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between the Microsoft Digital Crimes Unit (aka DCU), Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage...