Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

September, 2011

  • The Threat Landscape in Africa & the Internet Governance Forum

    The sixth annual United Nations Internet Governance Conference (UN-IGF) meeting is being held this week (September 27-30, 2011) at the U.N. Office in Nairobi, Kenya (UNON). The main theme of this meeting is “Internet as a catalyst for change: access, development, freedoms and innovation.” Representatives from government and industry from numerous places in Africa will be gathering to address a host of Internet governance topics, including security. A delegation from Microsoft is in attendance. Historically...
  • Playing Better Defense: Protecting Against Cyber Threats

    I’m happy today to introduce a guest blog post by Matt Thomlinson, the General Manager of Trustworthy Computing Security at Microsoft, who leads the Microsoft Security Engineering Center (MSEC), the Microsoft Security Response Center (MSRC), and Global Security Strategy & Diplomacy (GSSD). His teams are responsible for proactively implementing training, tools and processes of the Security Development Lifecycle (SDL) to improve the security of Microsoft products. Matt is speaking today...
  • Weekly Roundup : Sep 2, 2011 : DigiNotar and Fraudulent Google Cert

    Trending Security News The big security news this week focused on the security breach of Dutch certificate authority DigiNotar, a subsidiary of Chicago-based Vasco Data Security. This significance of the event was underscored when it was announced that one of the certificates affected by the breach was for Google.com. ReadWriteHack summed up industry concerns with its headline: SSL Certificates: What’s Left to Trust?   Organizations swiftly responded to block potentially bad certificates from...
  • Targeted Attacks and the Need to Keep Document Parsers Updated

    Over the past few years there has been a lot of concern about “advanced persistent threat” and targeted attacks such as “spear-phishing” and “whaling”. In my discussions with security professionals in different parts of the world I have encountered many different views on the risks associated with these attacks, ranging from disbelief that they actually happen to the belief that every email with an attachment contains an exploit. The Microsoft Security Engineering Center (MSEC) studies such attacks...
  • Weekly Roundup : Sep 30, 2011 : Microsoft and Kaspersky Lab Take Down the Kelihos Botnet

    Trending Security News More good news this week on the botnet front, with reports that Microsoft and Kaspersky Lab had succeeded in taking down the Kelihos botnet, a collection of some 41,000 infected computers worldwide that was capable of sending spam at the rate of 3.8 million e-mails per day. Kaspersky lab played a staring role in defining and then sinkholing the botnet to render it inactive, as described in The Inside Story of the Kelihos Botnet Takedown . The importance of taking down botnets...
  • Protective Steps for Fraudulent DigiNotar Certificates

    Last week, Microsoft released Security Advisory 2607712 , notifying customers that fraudulent digital certificates had been issued by certificate authority DigiNotar.   Earlier this week, the Microsoft Security Research & Defense Blog (srd blog) posted further guidance explaining more about the potential risks and actions you can take to protect yourself from any potential attacks that would leverage those fraudulent certificates. The srd blog post provides details risk and actions...
  • Weekly Roundup : Sep 9, 2011 : DigiNotar Reverberations Continue

    Trending Security News DigiNotar continued to reverberate through the industry this week. Companies scrambled to block and eliminate potentially compromised certificates. Meanwhile security experts took time to ponder what the event meant for security going forward. This led to headlines that included: Are Digital Certificates Doomed? and Cracked digital certificates endanger 'web of trust' . Against this backdrop, and other security breach stories that have been with us this year, law makers in...
  • Read the Series: Lessons from Least Malware Infected Countries

    Tim Rains’ recent series on Lessons from the Least Malware Infected Countries has been very popular, so we created a page that brings all of the links together so that it is easier to read through the full series of posts. Click here to go to the full series page.   Regards ~Jeff
  • Weekly Roundup : Sep 16, 2011 : Bot Net Armies and Heidi Klum

    Trending Security News Sometimes the juxtaposition of stories you read is kind of interesting. Over at Network World, Tim Greene authored an article Bot army being assembled, awaiting orders . While CNET News reported Heidi Klum the 'most dangerous' celeb on the Net . It appears as if Klum , a model, actress, and television host is quite a popular subject of online searches, and about 10 percent of search results on her are reported to be malicious – leveraging the “social engineering” power of Ms...
  • Trip Report: Securing Control Systems in our Critical Infrastructures

    I am just returning from Washington, DC where I had the privilege to attend and present at the Control Systems Cyber Security Conference . I have attended this annual conference several times in the past and it never fails to attract some of the brightest minds in the field. Over three days the single track conference featured speakers from government, vendors, end users and security researchers. Industrial Control Systems (ICS) are at the core of many of our critical infrastructures such as electric...