Really interesting article. Military mindset no longer applicable in our line of work http://searchsecurity.techtarget.com/columnItem/0,294698,sid14_gci1171862,00.html My favorite bit: "Obviously, secrecy is important to business, as is the ability...

Today I upgraded the brain on my i-mate K-JAM. Which, of course, requires a hard reset, meaning that I get to spend a relaxing day re-installing and configuring all my applications. Usually when I do this (too frequently, it seems) I browse around for...

Recently I seem to have had the same conversation over and over again, in places as far apart as Jakarta, Winnipeg, and Berlin. The question is usually worded like this: "What happens if someone steals one of my domain controllers?" There is...

So the CEO of an important customer of ours (no, I won't tell you who it is) claims to be, um, "very technical" and therefore keeps his own Windows domain and refuses to be part of the corporate forest. Go ahead, take a moment to express your astonishment;...

Some dates have changed: we had to move the days for the Southeast Asia roadshow in Viet Nam. Also, I'm speaking at MEDC (Mobile and Embedded DevCon) this year -- a presentation on how Microsoft's IT department secures mobile computing. I've updated the...

http://www.microsoft.com/technet/technetmag/issues/2006/03/SecurityWatch/default.aspx In those good old easy-to-manage pre-mobility days, personal computers presented few actual threats to a network. Sure, there was the occasional virus you’d get from...

My February Security Management column is posted: http://www.microsoft.com/technet/community/columns/secmgmt/sm0206.mspx No matter what kinds of technological or procedural advancements occur, certain principles of computer science will remain ...

Wow! After what seemed like a too-short month off (December), the work has resumed with vigorous intensity. Here are my public appearances in the coming weeks and months: 24 Jan : Beyond the Firewall security seminar in Jakarta 7-8 Feb : I.T. Professional...

OK, I have to unload a burden here. I often interact with the tech press in various places throughout the world. I've had wonderful, productive meetings with many fine journalists. New Zealand and Malaysia particularly stand out in my memory. However...

Soon I will begin a research project into quantifying and expressing return on security investment. From conversations I've had with many conference attendees, there's a need for developing a basic understanding of how to measure ROSI so that budget money...

You know, stupid security abounds. I just discovered this site today, and I plan to become a regular visitor -- and probably a contributor, too! I encourage you to explore it and enjoy. Oh, some advice: it probably would be unwise to read an offline archived...

I'm now a contributing editor for TechNet Magazine . Everyone with a TechNet subscription automatically receives it; if you don't have one, you can still get the magazine free . The magazine's published three issues so far: Winter 2005 , Spring 2005 ...

Yesterday I mentioned that there's no substitute for doing your own testing of updates. I mentioned virtualization is your friend -- building a model of your environment using Virtual PC and Virtual Server will save you a lot of money and it's something...

Now that the furor has waned, I want to comment on MS05-051. For those of you who don't memorize bulletin numbers (I am part of that set; Susan Bradley , for example, isn't, hehe), this is the security update that fixed a number of vulnerabilities found...

Those of you who've seen me speak at various events know that I like to play my own music before the presentations begin. In industry parlance, this is called "walk-in music." My experience, though, is that many times the music they provide is better...

Have you seen this yet? " Grokster ruling begins the good fight " If you haven't, it's worth your time to read -- it's a terrible shibboleth for a U.S. "national firewall." Coursey is promoting the idea that all U.S. Internet access should pass through...

Microsoft UK has posted videos of various European events of the past year. Various speakers are featured, including Andreas Luther, Dennis Karlinsky, Eileen Brown, Graham Calladine, Jesper Johansson, John Craddock, Justin Alderson, Kalpit Jain, Kimberly...

So yesterday I received a rather interesting email. Subject: "INFOSEC Scholarships & Fellowships for PhD or MS + Free CISSP Exam Prep Events." Hm, I didn't know that "information security" suddenly became an all-caps acronym. How come no one asks...

Lousy security is all around us, and I'm not even thinking about airport security here (which, I admit, i love griping about). Here I have in mind lousy computer security. And lest you think I'm proceeding to engage in naval-gazing introspection, no ...

Well, after several months of griping (what else is new? hehe), Jesper's finally started a blog. And he's got some scathing criticism of how people commonly abuse audiences with PowerPoint. Good reading! Check him out at http://blogs.technet.com/jesper_johansson...

Several months ago I learned from Svyatoslav Pidgorny, Microsoft MVP for security, about a problem in 802.1X that makes it essentially useless for protecting wired networks from rogue machines. Initially I was a bit skeptical, but the attack he described...

Oh, I forgot to mention that we're planning some tools for the consumer book , too. The first will help you set yourself up as a least-privileged user. It would detect how you're running now, create an account for managing the system and running games...

Jesper and I are planning a second book. We've noticed a distinct dearth of useful, actionable, and non-scare-mongering computer security resources for home users. A few of the books we've seen are hopelessly bad, really. Either they rapidly forget their...

The dates for TechEd China have changed (venue issues), and I've added another city. Here's the updated list: Europe , in Amsterdam (4-8 July) Japan, in Yokohama (2-5 August) Asia , in Singapore (24-26 August) New Zealand , in Auckland (28-31 August...

So today (Thursday 21 July 2005) I flew from Seattle to Dallas for a customer meeting. Since it's a short one-day affair, I packed my small carry-on size suitcase. In it was a pair of shoes, one pants, one shorts, two shirts, a toiletry bag, and my collection...