Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

Browse by Tags

Related Posts
  • Blog Post: Bogus Microsoft sweepstakes emails

    Over the past month I've received at least three enquiries from people asking about the legitimacy of emails claiming the recipients have won large amounts of money in a Microsoft sweepstakes or lottery -- often 500,000 British pounds. This is an easy question to answer: they're fake. Recently, someone...
  • Blog Post: FanBox: the latest in password scams

    Looks like spammers have found yet another way to worm (ha ha) themselves into the computers of the unsuspecting. In my junk email folder this morning, I saw this message: From: Question It [mailto:question_it@fanboxapps.com] Sent: Monday, January 07, 2008 2:34 To: Steve Riley Subject: Ratul has...
  • Blog Post: Today’s spam

    Here’s what’s in my junk mail folder today: What is up with all that? Apparently I sent a payment to myself, I initiated another payment to myself, I am a user of myself who’s received exclusive offers for January, and I received a payment from myself. Wow! Furthermore, an internal discussion group ...
  • Blog Post: Did you know that you ALREADY have an e-mail policy?

    An email access policy can be expressed in one of two ways: E-mail is mission critical to our business. Therefore, we permit employees to read and compose e-mail from any location in the world where employees can access the Internet, using either company-issued devices or public Internet terminals...
  • Blog Post: The opt-out from hell

    One problem with making your email address available (which I will continue to do, don't worry) is that folks with something to sell assume you're interested in their stuff. To wit, let's consider an email I received today (copied, headers and all, after my griping). Note that if I want to opt out of...
  • Blog Post: Cluelessness abounds

    So yesterday I received a rather interesting email. Subject: "INFOSEC Scholarships & Fellowships for PhD or MS + Free CISSP Exam Prep Events." Hm, I didn't know that "information security" suddenly became an all-caps acronym. How come no one asks me first about these things? Anyway, it purports to...
  • Blog Post: Tell us about the junk email you receive

    Another gem in the download center: an Outlook (2003/2007) add-in with which you can report junk email to FrontBridge. Junk E-mail Reporting Tool 1.0 for Outlook The Junk E-mail Reporting Tool submits e-mail to Microsoft when you explicitly choose to do so. If you receive a junk e-mail and want...
  • Blog Post: What do YOU need out of two-factor authentication?

    Two-factor authentication continues to grow in popularity and emerge as a security requirement for many people I meet with. At Microsoft, we use smartcards internally for VPN access right now; soon we'll be requiring smartcards for domain logon, too. We are also looking at ways to require two-factor...