Steve Lamb's Blog

Security Matters

Related Posts
  • Blog Post: Become a Security Insider! Join the most exciting security community in the World!

    I'm the lead Technical Security Advisor for Microsoft's ITPro community in the UK. My role involves evangelising our security technologies (most of which are built into Windows) to help ITPros deliver real world business benefits - reducing costs by enabling businesses to do more with less risk. Every...
  • Blog Post: News from the consumer awareness campaign - GetSafeOnline

    We've been evangelising to the good people of Birmingham today - local radio, the main library, the BullRing shopping centre, the University and the Town Hall. We met the Major and showed in the demonstrations and material we're using around the City. It's been a very busy day but a great deal of...
  • Blog Post: Information is NOT Power. Effective Security enables Powerful decisions

    Information is NOT Power. Timely access to accurate information can give the holder the ability to make powerful decisions. Effective Information Technology can enable the required flow of information. Inappropriate Information Security Policies, Processes, application of controls and lack of awareness...
  • Blog Post: Are ITPROs in the UK familiar with the Term "BlackHat"?

    I'm sure you're probably familiar with the term ITPro but just in case you're not then it means people who are paid for Technical work on Information systems. Is the term "BlackHat" familiar to ITPros in the UK? Please hit the "Feedback" button for this post and let me know what you think. Thanks Steve
  • Blog Post: How we at Microsoft Secure our own infrastructure

    Ever wondered how we secure our own infrastructure? The ITShowCase website provides IT Professionals with the low down on how we develop, deploy and manage our enterprise technology solutions. The site contains both business decision maker suitable content and highly technical implementation detail....
  • Blog Post: Why isn't the Firefox code signed?

    I'm having a look @ Firefox and have noticed that the code is not signed and therefore it's theoretically possible for a trojan to have been inserted in it.
  • Blog Post: Here are some great Cheat Sheets and here is why I love the term "Ego Surfing" and what on Earth is Technorati anyway

    I've just been reading KC's blog post about Cheat sheets - it's well worth a look as the site he links to contains summaries of all kinds of useful information - the list is almost endless - well worth a look. I've heard the term "Ego Surfing" many times recently and for those of you who may not...
  • Blog Post: How to think like a hacker - Scott Culp's 10 Immutable Laws of Security

    Back in the year 2000 Scott Culp published a paper outlining the 10 Immutable Laws of Security. I've restated them here to be concise but strongly encourage you to read the original article as it develops each law to discuss each in turn. If you're new to information security and would like to put everything...
  • Blog Post: Microsoft IT Attack and Penetration Testing Team

    The Microsoft® IT Showcase website includes a new article detailing our approach to assessing the security compliance of our internal systems. Techniques and methodologies are discussed to limit the points of exposure whilst addressing the unique management challenges posed by the Attack and Penetration...
  • Blog Post: Blog Spam / Phishing / Harvesting

    Many Blogs are receiving feedback with links to the following URL - DO NOT FOLLOW THIS LINK (that's why I've left off the http:// prefix) "cool12xp.s20.xrea.com". Typical entries have the title of "Great article" with text along the following lines: "Great Site! Keep it up!Great site,keep it up, thanks...
  • Blog Post: Should children be encouraged to secure their family's PCs?

    I met a diverse group of people earlier today and one of the interesting debates that we touched upon was - "Should Children be encouraged to secure their family's PC(s)". In my experience there seem to be two schools of thought: - firstly that generally speaking Children are far more able to secure...
  • Blog Post: Free MIIS technical event which includes practical demonstrations - this is not a sales event

    Come and spend a day with Microsoft and partner Identity Management experts who will demonstrate how to deal with user administration, security, compliance, directory services, single sign on, password management, and self service. There will be sessions from Microsoft as well as some of its Identity...
  • Blog Post: What would you like to know about PKI?

    Like many of you I've heard all the stories about how PKI (Public Key Infrastructure) "will save the day" for all our security concerns - this message was pushed particularly hard four to five years ago. PKI is a component of infrastructure which makes things like secure email (S/MIME), secure browsing...
  • Blog Post: What should a User Group be? A New Information Security User Group is taking form

    Many people at InfoSec expressed great interest in joining a new User Group that's focused 100% on Microsoft Information Security - it's being run by MVPs (Most Valuable Professionals). We discussed the essence of the various different successful User Groups including the following: VBUG (a...
  • Blog Post: How Microsoft secure our own systems - ITShowCase

    Another resource I've mentioned when presenting @ TechNet events is ITShowCase - the following URL is the home of a wealth of information (including "how to" build guides) written by our internal technical administrators and architects when building and securing our infrastructure: http://www.microsoft...
  • Blog Post: Load Balancing a Rights Management Server Cluster using Network Load Balancing

    The Microsoft® IT Showcase website is a great resource for learning how we secure our environment at Microsoft. MicrosoftIT provide a managed highly available Information Rights Management (IRM) solution for employees' use worldwide. A new article has been posted on the ITShowcase website at the following...
  • Blog Post: How to give GoogleLove(or MSNLove!) to interesting sites without killing them

    The following comments are all IMHO not those of Microsoft.......blah blah blah.... you get the idea! As readers will be aware, I recently linked to content on a third party site. My intent was to advocate the author's content to my followers (both of them!) as in my view it was worthy of attention. Unfortunately...
  • Blog Post: Threats Vulnerabilities and Exploits to mobile phones, PDAs, mobile devices and cars as discussed in a report published this week by IBM Security Intelligence Services

    I've just read the summary to an IBM Report which discusses the perceived risk of security problems on mobile devices and even cars akin to those suffered by Personal Computer users today. This is something I've been thinking of writing about for some time - reading the report has finally given me the...
  • Blog Post: What are the privacy implications of Moblogs?

    It's only a matter of time before Moblogs hit the mainstream. Clearly this is something the mobile operators will encourage and so many people have camera phones & love sharing pictures. Moblogs are likely to be seen as requiring less effort than text oriented Blogs. The thing is that sharing pictures...
  • Blog Post: Poetic Justice - the Register advocates XP SP2

    http://www.theregister.co.uk/2004/11/21/register_adserver_attack/ I'm not saying that it's good that anyone's been hacked, simply that publicity to get people to install XP SP2 is a good thing.
  • Blog Post: Is there a cool alternative to the iPod?

    Clearly there's massive competition in this space. I was about to ask you what devices you think come close or even exceed the coolness of the classic iPod. I have a friend (Tony Krijnen) sat next to me who's watching me type this post - as a result of the last couple of lines he handed me his Samsung...
  • Blog Post: What feedback would you like to give Microsoft Product Groups on Security

    I'm working in Redmond (Seattle) this week - I flew over from the UK last night. I'm working with the product groups for the entire week and am keen to give your feedback regarding security functionality of our products (Windows, Office, Security Business Unit) to the management, technical and product...
  • Blog Post: Why do most firewalls only inspect packet headers?

    The vast majority of firewalls on the market don't inspect the payload of packets - instead they attempt to make decisions based on source address, destination address and the port of the traffic. Historically many people took the port to be a statement of intent (i.e. port 80 = HTTP) and hence firewalls...
  • Blog Post: What Security topics would you like me to BlogCast about?

    Eileen Brown has just posted an interesting article on her Blog which explains a new technique we're going to use to share snippets of content as she explains in the following extract of her post: " Sometimes there just isn't time to view a whole Webcast, when all you want to do is learn something specific...
  • Blog Post: Join us on 29th Nov to find out in Plain English AND deep technical HOW PKI works

    Many of you have asked me questions about Public Key Infrastructure with regard to its use for securing web transactions (SSL), wireless (PEAP & EAP-TLS), email (S/MIME) and Rights Management. Prior to joining Microsoft I was a security consultant for many years during which time I designed and...