Just a quick update, to make sure everyone knows. I've moved my blog from MSInfluentials to WordPress.com. Please update your aggregators/bookmarks/favorites to http://stvrly.wordpress.com . I've posted the reasoning for my move, as well as a description...

Friends, as a part of Microsoft’s second round of restructuring, my position was eliminated yesterday and my employment with Microsoft has ended. While there were many rewards that came from my job, the most satisfying element was knowing that our time...

Yesterday (12 February 2009) Microsoft announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for...

Here’s what’s in my junk mail folder today: What is up with all that? Apparently I sent a payment to myself, I initiated another payment to myself, I am a user of myself who’s received exclusive offers for January, and I received a payment from myself...

I’ve been mentioning this frequently during my talks in the last 12 months: that accidental or malicious data modification is yet something else we need to defend against. Richard Bejtlich wrote last year about attack progressions , and this year summarized...

Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently, it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job...

Yesterday, Donnie Hamlett, a Microsoft core infrastructure optimization specialist, gave a webcast and played a video of my TechEd presentation on virtualization and security. Some of the viewers had questions, and I offered to Donnie that they could...

An  interesting comment recently appeared on my older post about whether or not to use antimalware software. Peter van Dam wondered whether scheduled scans are really necessary, given that anti-malware products scan files as they enter (and sometimes...

Greetings. In case you haven’t already read about it, we recently updated the Microsoft Security Assessment Tool (MSAT). Version 4.0 hit the web on 31 October. It’s been four years since the initial release, and two years since the prior version. Between...

At Windows Connections two weeks ago, during my keynote speech “How IT will change in the next 10 years and why you should care,” I mentioned several books worth reading. Many of you have asked for the list; here it is: The Cathedral and the Bazaar by...

Back when the spam was spiraling out of control, I configured my blog to close comments after 90 days. I’ve removed the limitation now, for two reasons: the spam is under control, and I wanted to reply to a comment made to my post on IPsec/IPv6 direct...

Customers have long requested a way to configure a computer to automatically disable its wireless NIC when its Ethernet is in use. Many third-party utilities can do this for you, but neither XP nor Vista have a built-in way to accomplish this, nor will...

Way back in 2005, Jesper Johannson and I wrote Protect Your Windows Network . It’s still available , and although its product set is now somewhat dated (Windows XP and Server 2003), much of the practical advice about security policies, social engineering...

I have a new TechEd destination this year: Brazil. It’ll be my first time to speak at our event there; indeed, even my first time to travel to South America. I’m looking forward to it. The event runs during 14-16 October 2008 . I’m delivering the same...

A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security...

One problem with making your email address available (which I will continue to do, don't worry) is that folks with something to sell assume you're interested in their stuff. To wit, let's consider an email I received today (copied, headers and all, after...

So, let's recap the sequence of events: The Sun-Sentinel newspaper in Fort Lauderdale accidentally republishes a six-year-old news story about the bankruptcy of UAL. It wasn't on the home page, but instead buried somewhere inside the web site. Google...

Check this out: http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx#3122377 Hey Steve you and your montize buddy Scott will soon have your hands full after the federal officers come down on your...

What's on your mind? What do you want to learn more about? Tell me, tell me... Oh, and for 2009 I plan to stay at TechEd US for both weeks. I want to start spending more time with developers -- they need some security love too :)

Warning: rant ahead, and names named. When I'm not traveling, I like to work from home some days rather than endure the trek from Seattle to Redmond (although it's much better now that our own employee transit service has expanded into my neighborhood...

The other day an office mate asked, "Do you twitter?" Sorting through the various snarky remarks that immediately popped to mind, I replied that I didn't think anyone would find my routine bits all that interesting. He suggested otherwise: that...

Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere...

Please let me know if this is a feature you'd be interested in. We're looking to build the business case to develop it, and the best way to do that is for you, our customers, to let us know. Also, if any of you want to deploy RMS now but can't because...

Surely time itself has warped and it's suddenly April 1st. Come on, if you read the following, wouldn't you first think it was a hoax, as did I? Virus from China, the gift that keeps on giving An insidious computer virus recently discovered on digital...

By Steve Riley Senior Security Strategist Trustworthy Computing Group, Microsoft Corporation (originally published at http://www.microsoft.com/technet/community/columns/secmgmt/sm0208.mspx ) I’ve met thousands of IT pros during my years speaking at conferences...