Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: Perception: Case in Point

    I love it when a good, real-life example falls right into your lap. As you know from my recent posts, I’ve been doing a series of articles probing Mozilla and Firefox security claims.  I think I’ve been pretty open about why, but I always seem to get pushback around the idea that there might be...
  • Blog Post: Supplemental Data for Calculating Mozilla Patching Speed

    A couple of days ago, Secunia published their Secunia 2008 Report , and one of their tables garnered quite a bit of attention with respect to Mozilla patching quickly: Brian Krebs , Washington Post, Fanning the Flames of the Browser Security Wars Brian Prince, eWeek, Security Report Ignites Firefox vs...
  • Blog Post: 2008 Pwn2Own Winner says Safari is an Easy Target

    Apple Inc.'s Safari is the juiciest target in the upcoming PWN2OWN hacking contest, last year's winner predicted today. "It's an easy target," said Charlie Miller, the vulnerability researcher who last year walked off with a $10,000 cash prize for breaking into an Apple laptop just a few minutes...
  • Blog Post: CIO.COM: Mozilla and “Counting Still Easy…”

    [DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, I would always review our draft product glossies...
  • Blog Post: Hundreds of Pages of New Security Intelligence Now Available: Microsoft Security Intelligence Report Volume 12 Released

    Today we released the latest volume of the Microsoft Security Intelligence Report (SIR) containing a large body of new data and analysis on the threat landscape. This volume of the SIR includes: Latest industry vulnerability disclosure trends and analysis Latest data and analysis of global vulnerability...
  • Blog Post: Firefox in 2008 – No Single Version Available for The Full Year?

    I’ve been busy doing analysis for the next article in my cio.com Firefox series of articles, looking at vulnerability disclosures during 2007 and 2008 and I stumbled upon a little factoid that I had not previously noticed – no single version of Firefox was available for the full year of 2008. In retrospect...
  • Blog Post: CIO.COM: Can Mozilla Support Their Security Claims?

    Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny. Today, I started a multi-part article series on cio.com (Security landing page: http://www.cio.com/topic/1419/Security ) probing Mozilla...
  • Blog Post: Brian Krebs Blog on ‘at Risk’ Chart Methodology

    I am a couple of articles into my series: Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? , and Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? (Part 2) In part 2, I probed Mozilla’s usage of an ‘at risk’ chart to claim that their customers...
  • Blog Post: Scareware: Don’t Let Scammers Scare You

    Scareware, also known as fake anti-virus software, has become one of the most common methods computer hackers use to swindle your money. If you have had a security alert icon pop up on your computer, you may have been the victim of scareware. In a recent TV interview , I discuss how scareware programs...