I've recently written an article for November/December's TechNet Magazine which looks in detail at how to secure both your web server and transactions between it and your customer's browser(s). It's pretty technical and is approximately two and a half thousand words. I show you step by step how to...

<I've edited this post to add a link to the pictures together with the following image> Thank you to everyone I met at Royal Holloway from the MSc in Computer Security (distance learning) course. I can honestly say I rarely get to meet to many interesting people in a single room. I thoroughly...

Just browse to a recent article on Brian Krebs' "Security Fix" column to read all about Phishers who appear to be donating to the relief effort using the credit card details of their victims!

Shawn posted an interesting article along these lines which is accessible here Browse to http://www.microsoft.com/msa to download free blueprint guidance for building a wide range of data centre scenarios. MSA stands for Microsoft Systems Architecture, just to keep you on your toes the name has recently...

Matthew Fisher has written written an interesting article for the Industry Insider's blog which is hosted on TechNet. We're getting quite a few submissions from people like Matt who have best practise advise for you based on their practical experience. If you have something you'd like to share then browse...

How do you compare and make sense of the security vulnerability announcements from different vendors? Jeff Jones's short article looks into the way Redhat, Novell Suse and Microsoft announce vulnerabilities in their software and suggests how to ensure your software is up to date. The article is available...

Rhys Wilkins recently made me aware of an article which advises several good practises in making sure your code isn't susceptable to SQL Injection attacks. The first prosecution (that I've heard of) was way back in 1996! The article is located here . It's amazing just how many public websites include...

RIPA is an acronym for The Regulation of Investigatory Powers Act 2000 which is a piece of UK legislation governing the right of the authorities to recover information from UK organisations as required for investigations. I am not a legal expert, make no claims to be, and therefore I suggest you consult...

Another resource I've mentioned when presenting @ TechNet events is ITShowCase - the following URL is the home of a wealth of information (including "how to" build guides) written by our internal technical administrators and architects when building and securing our infrastructure: http://www.microsoft...

I've spoken at a number of TechNet events recently at which I've mentioned the DTI report as a useful source of UK metrics for security breaches and risks. The latest report(released in 2004) is located at the following URL. http://www.infosec.co.uk/page.cfm?HyperLink=http://www.infosec.co.uk/files/DTI_Survey_Report...

Bruce's recent article has started a great deal of debate. Clearly the implications for the way cryptographic signatures are relied upon more and more come into question. IMHO the sky's not about to fall down but certainly it's sensible for all software authors(Microsoft included) to think how their...

I've just read the summary to an IBM Report which discusses the perceived risk of security problems on mobile devices and even cars akin to those suffered by Personal Computer users today. This is something I've been thinking of writing about for some time - reading the report has finally given me the...

I've seen sessions @ security events which claim to "Break SSL in Internet Explorer" & recently received an email along the same lines (listed after the next couple of paragraphs starting "Subject"). The "Padlock" is part of Internet Explorer as shipped in Windows. It signifies that an SSL connection...

Robert's talking to a whole bunch of folk who want to blog but are terrified! I find Blogging's a little like a first date - pretty scary ahead of time, generally lots of fun when you stop worring and get on with it - of course that's not the case with all first dates!!!!! I am staggered by the following...

Larry Osterman's posted a really interesting article explaining how Threat Modelling helps his team improve the security of the code they develop. As Larry goes on to explain the technique's not new, nor is it rocket science and yet it's often under utilised in development houses. Part of Microsoft's...

Back in the year 2000 Scott Culp published a paper outlining the 10 Immutable Laws of Security . I've restated them here to be concise but strongly encourage you to read the original article as it develops each law to discuss each in turn. If you're new to information security and would like to put everything...

The ITConversations website contains some very interesting broadcasts from eminent security speakers. The top level site includes a vast range of topics. The site includes the tag line of "Listener-supported audio programs, interviews and important events" which sums the content up nicely.

Paul Thurrot has posted an article which includes comments following an "interview with Giant co-founder Andrew Newman just days before his company was purchased by Microsoft". The article is well worth a read - here are a couple of excerpts: " We decided to leverage the power of community and create...

"Microsoft plans to make available to Windows customers a beta version of a spyware protection, detection and removal tool, based on the GIANT AntiSpyware product, within one month. The upcoming beta will scan a customer's PC to locate spyware and other deceptive software threats and enable customers...

Keith Brown has published a very interesting guide to Windows Security - the twist is that it's available both as a convential book and here as a wiki. For those of you who are not familiar with the concept of a Wiki there's a good defn & explaination here . The book covers a wide range of topics...

John Howard's just posted an article advertising the event which will take place in Birmingham. Speakers will include Eileen Brown , John , and myself. I've copied the following from John's article: Free Technet IT Forum Highlights all-day event in Birmingham on Jan 13th. The registration site for the...

The Microsoft® IT Showcase website includes a new article detailing our approach to assessing the security compliance of our internal systems. Techniques and methodologies are discussed to limit the points of exposure whilst addressing the unique management challenges posed by the Attack and Penetration...

The vast majority of firewalls on the market don't inspect the payload of packets - instead they attempt to make decisions based on source address, destination address and the port of the traffic. Historically many people took the port to be a statement of intent (i.e. port 80 = HTTP) and hence firewalls...

The Microsoft® IT Showcase website is a great resource for learning how we secure our environment at Microsoft. MicrosoftIT provide a managed highly available Information Rights Management (IRM) solution for employees use worldwide. A new article has been posted on the ITShowcase website at the following...

Ever wondered how we secure our own infrastructure? The ITShowCase website provides IT Professionals with the low down on how we develop, deploy and manage our enterprise technology solutions. The site contains both business decision maker suitable content and highly technical implementation detail....