Steve Riley on Security

Formerly of Microsoft's Trustworthy Computing Group.

  • Blog relocated again

    Just a quick update, to make sure everyone knows. I've moved my blog from MSInfluentials to WordPress.com. Please update your aggregators/bookmarks/favorites to http://stvrly.wordpress.com. I've posted the reasoning for my move, as well as a description...
  • Good bye, and good luck

    Friends, as a part of Microsoft’s second round of restructuring, my position was eliminated yesterday and my employment with Microsoft has ended. While there were many rewards that came from my job, the most satisfying element was knowing that our time...
  • If you know the Conficker dude, we've got a prize for you

    Yesterday (12 February 2009) Microsoft announced a partnership with technology industry leaders and academia to implement a coordinated, global response to the Conficker (aka Downadup) worm. Together with security researchers, Internet Corporation for...
  • Today’s spam

    Here’s what’s in my junk mail folder today: What is up with all that? Apparently I sent a payment to myself, I initiated another payment to myself, I am a user of myself who’s received exclusive offers for January, and I received a payment from myself...
  • Attacks against integrity

    I’ve been mentioning this frequently during my talks in the last 12 months: that accidental or malicious data modification is yet something else we need to defend against. Richard Bejtlich wrote last year about attack progressions, and this year summarized...
  • I want a Model 22 HDD Hard Drive Disintegrator

    Here at Microsoft we have an active internal discussion group where most security-minded folk hang out. The topic of data destruction came up recently; it’s actually a lot more difficult than most people think. CIPHER /W and SDELETE do a reasonable job...
  • Questions about virtualization and security?

    Yesterday, Donnie Hamlett, a Microsoft core infrastructure optimization specialist, gave a webcast and played a video of my TechEd presentation on virtualization and security. Some of the viewers had questions, and I offered to Donnie that they could...
  • Poll: do you use scheduled scans for malware?

    An interesting comment recently appeared on my older post about whether or not to use antimalware software. Peter van Dam wondered whether scheduled scans are really necessary, given that anti-malware products scan files as they enter (and sometimes...
  • Updated Microsoft Security Assessment Tool

    Greetings. In case you haven’t already read about it, we recently updated the Microsoft Security Assessment Tool (MSAT). Version 4.0 hit the web on 31 October. It’s been four years since the initial release, and two years since the prior version. Between...
  • Reading list from “How IT will change in the next 10 years”

    At Windows Connections two weeks ago, during my keynote speech “How IT will change in the next 10 years and why you should care,” I mentioned several books worth reading. Many of you have asked for the list; here it is: The Cathedral and the Bazaar by...
  • Comments, administrivia, and the future of the “infosec professional”

    Back when the spam was spiraling out of control, I configured my blog to close comments after 90 days. I’ve removed the limitation now, for two reasons: the spam is under control, and I wanted to reply to a comment made to my post on IPsec/IPv6 direct...
  • Ethernet and WiFi and Bluetooth, oh my!

    Customers have long requested a way to configure a computer to automatically disable its wireless NIC when its Ethernet is in use. Many third-party utilities can do this for you, but neither XP nor Vista has a built-in way to accomplish this, nor will...
  • Passgen tool from my book

    Way back in 2005, Jesper Johansson and I wrote Protect Your Windows Network. It’s still available, and although its product set is now somewhat dated (Windows XP and Server 2003), much of the practical advice about security policies, social engineering...
  • Sao Paulo, here I come

    I have a new TechEd destination this year: Brazil. It’ll be my first time to speak at our event there; indeed, even my first time to travel to South America. I’m looking forward to it. The event runs during 14-16 October 2008. I’m delivering the same...
  • Internet Explorer security levels compared

    A pretty good question came across the newsgroups the other day. Someone was asking what are the differences between IE's "medium" and "medium-high" security settings. I did some digging, and found only this on MSDN: About URL security...
  • The opt-out from hell

    One problem with making your email address available (which I will continue to do, don't worry) is that folks with something to sell assume you're interested in their stuff. To wit, let's consider an email I received today (copied, headers and all, after...
  • Blamestorming

    So, let's recap the sequence of events: The Sun-Sentinel newspaper in Fort Lauderdale accidentally republishes a six-year-old news story about the bankruptcy of UAL. It wasn't on the home page, but instead buried somewhere inside the web site. Google...
  • Who is "dodacrazy" and what is a "montize buddy"?

    Check this out: http://blogs.technet.com/steriley/archive/2008/06/25/directly-connect-to-your-corpnet-with-ipsec-and-ipv6.aspx#3122377 Hey Steve you and your montize buddy Scott will soon have your hands full after the federal officers come down on your...
  • TechEd 2009: Never too early to start planning

    What's on your mind? What do you want to learn more about? Tell me, tell me... Oh, and for 2009 I plan to stay at TechEd US for both weeks. I want to start spending more time with developers -- they need some security love too :)
  • [OT rant] Are there any home WiFi routers that DON'T SUCK?

    Warning: rant ahead, and names named. When I'm not traveling, I like to work from home some days rather than endure the trek from Seattle to Redmond (although it's much better now that our own employee transit service has expanded into my neighborhood...
  • Tweet!

    The other day an office mate asked, "Do you twitter?" Sorting through the various snarky remarks that immediately popped to mind, I replied that I didn't think anyone would find my routine bits all that interesting. He suggested otherwise: that...
  • Directly connect to your corpnet with IPsec and IPv6

    Contrary to popular belief, the rumors of my demise have been greatly exaggerated. Well, ok, no actual rumors, but hey, one can dream, huh? My spring calendar was full of events in Asia and Australia, then TechEd US seemed to suddenly appear out of nowhere...
  • Do you need RMS/IRM in Office for Macintosh?

    Please let me know if this is a feature you'd be interested in. We're looking to build the business case to develop it, and the best way to do that is for you, our customers, to let us know. Also, if any of you want to deploy RMS now but can't because...
  • Throw away your digital picture frames

    Surely time itself has warped and it's suddenly April 1st. Come on, if you read the following, wouldn't you first think it was a hoax, as did I? Virus from China, the gift that keeps on giving An insidious computer virus recently discovered on...
  • Supporting your family, friends, and neighbors

    By Steve Riley, Senior Security Strategist, Trustworthy Computing Group, Microsoft Corporation (originally published at http://www.microsoft.com/technet/community/columns/secmgmt/sm0208.mspx) I’ve met thousands of IT pros during my years speaking at conferences...