Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: Mac OS X Security - Reality Check #1

    UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf . As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am even happier when others do it. I think Apple...
  • Blog Post: Exploitability Index - More Information for Customers

    Yesterday at Black Hat 2008, along with some other stuff, we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft customers over the past five years, they are...
  • Blog Post: Weekly Roundup : Dec 30, 2011 : Taking a Look Back at Some of the Year’s Top Security Stories

    Trending Security News In August we started posting the Weekly Roundup to share trending security news from many viewpoints. Week by week the flow of news provides insights into the ever growing challenges faced in the global efforts to secure cyberspace, as well as the progress made and security...
  • Blog Post: Live from the "Configuresoft" Conference

    I thought I'd share a quick story from Black Hat. So, I went to Caesar's and headed back to the conference area to register and get my badge. As I neared the escalators, I started seeing a lot of folks with badges on that said "Configuresoft." I thought, hmm, there must be another conference going on here...
  • Blog Post: Mac OS X Security - Reality Check #2

    First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right circumstances. So, don't read too much into the...
  • Blog Post: Weekly Roundup : Aug 5, 2011 : Black Hat and the Blue Hat Prize

    Trending Security News An eventful week with plenty coming out of the Black Hat conference, the Microsoft Blue Hat prize, publication of the EWI Cybersecurity Summit Report, and more, covered below. Black Hat USA 2011 With Black Hat USA 2011 running this week there were plenty of stories about cyber...
  • Blog Post: New MSRC Progress Report 2012 Now Available

    Today we released the fourth annual Microsoft Security Response Center (MSRC) Progress Report. This report highlights advancements in various Microsoft information sharing initiatives that foster deeper industry collaboration, increase community-based defenses, and better protect customers. This...
  • Blog Post: Black Hat 2008, Here I Come...

    Tomorrow, I set off for Black Hat 2008 in Las Vegas to join colleagues that are already there (see Defend the Flag: Roguery Abounds!, over on the new MSRC Ecostrat blog.) As always, I am excited to head over to this conference to see if anything new and exciting will be presented and of course, to...
  • Blog Post: The Four Horsemen of Cleopatra's Barge

    One of the more interesting sessions I went to yesterday was a talk by Chris Hoff called "The Four Horsemen of the Virtualization Apocalypse." (If you've never read Hoff's blog, you should check it out at http://rationalsecurity.typepad.com/ .) I thought I was keeping a close eye on security and virtualization...
  • Blog Post: Black Hat : Got2 Luv the H8ers

    So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er" from here on out. Though I am paraphrasing a bit, this is...
  • Blog Post: Weekly Roundup : Aug 12, 2011 : Dissecting a Shady Rat

    Trending Security News Probably the most widely discussed and interesting story in security news was the follow-on activity from McAfee’s disclosures last week of “Operation Shady Rat.” As we noted previously, Vanity Fair called it an “unprecedented cyber-espionage campaign and intellectual property...