By Jacqueline Beauchere, director, Trustworthy Computing
This year was an exciting one for online safety at Microsoft. We continued our long-standing commitment to individuals and families by offering tools and guidance they need online – everything from new products such as Windows 8 with enhanced parental controls; to our continued collaboration with groups like the Family Online Safety Institute and the National Cyber Security Alliance (NCSA). We acknowledged support of The United States’ and the European Union’s Joint Declaration to help reduce the risks and maximize the Internet’s benefits for young people. The increased focus on global online safety led to my appointment as Microsoft’s first Chief Safety Officer, a role that I will formally assume in March 2013.
So, it’s fitting that to cap 2012, we are releasing our first “Year in Online Safety” report, a 10-page paper that describes our initiatives, projects, and programs that help create safer, more trusted computing experiences. We’ve also highlighted what we think are some of the most important trends in online safety, and where they may be headed next year.
By Tim Rains, director, Trustworthy Computing
Almost every CISO or executive with security related responsibilities that I have talked to over the past couple of years has expressed interest in learning how to improve their security posture to better mitigate the risks posed by “APT” (Advanced Persistent Threats) style attacks. At Microsoft we don’t use the term APT because these attacks are typically based on old, well understood tactics and technologies, i.e. they aren’t really “advanced.” For example, one thing these attackers typically try to do is steal user names and passwords from networks they compromise so that they can get access to more resources and stay on the network undetected for as long as possible. One type of attack they use as a matter of course is called “pass-the-hash.” This involves stealing the hashed version (a one-way mathematical representation) of user names and passwords from a compromised network and using those credentials to obtain access to network resources and data. There has been a considerable amount of research and tool development in this area over the years that has made it easier for attackers to perform pass-the-hash and other credential theft and reuse attacks.
By David Bills, chief reliability strategist, Microsoft
In a recent post on GigaOM, Katie Fehrenbacher summarized Microsoft’s plans for a biogas-fed data center research project in Wyoming. As I reflected on the points in Katie’s article, as well as the detailed description of the project written by Microsoft’s program manager Sean James, I began pondering the reliability-related implications of effectively reducing the reliance large-scale data centers have on the electrical grid. In view of the recent challenges many data center operators faced in the aftermath of Hurricane Sandy, I think research and development projects like this one are essential. From a reliability perspective, the notion of highly-localized, cost-effective, abundant and most importantly, dependable energy sources being closely coupled to energy consumers, (like data centers), and decoupled from monolithic, complex, (and arguably unreliable), systems like the grid makes a lot of sense. In addition, the economic benefits and environmental benefits are described in the referenced article, and I encourage the reader to take a look.
Posted by Adrienne Hall, General Manager, Trustworthy Computing, Microsoft
Today I did some color-blocking. This means I put on an outfit with two colors – black and navy, interspersed from head to toe. In doing so, I was updating my look and getting a little more modern as a result! With technology, there’s always something new and interesting to modernize the ways we live our lives. It might be a new phone (I picked the Windows 8 HTC), or it may be Skype-coaching my mother who is absolutely enamored with the product uttering, “I see you, I see you!” each time the session engages and was most intrigued by the ability to talk and text at the same time. As technology continues to evolve and influence our digital lifestyles, we must be ready to adapt and respond to both enjoy the potential of new things and understand how to use them safely. The topic of online safety is one we’ve been investing in for years, yet there’s always something that comes along prompting new learning and information.
By Jeff Jones, director, Trustworthy Computing
When the winds and waves of Hurricane Sandy bore down ferociously on New York City, Microsoft partner WorkITsafe helped two customers upgrade to the Windows Server 2012 operating system with the new built-in Hyper-V Replica feature. As a result, their IT systems experienced minimal interruption as the hurricane flooded the surrounding area and required employees to hunker down at home. In this blog post, WorkITsafe President Steve Rubin tells how Windows Server 2012 protected his customers’ businesses—and has the potential to protect many more.
Posted by Kim Sanchez, director, Trustworthy Computing Communications, Microsoft
On average, adults in the U.S. have experienced at least eight different types of online scams. According to the Microsoft Scam Defense Survey, individuals are most vulnerable to risks such as fraudulent and malicious links, online identity theft, and the loss of sensitive personal information. Deceptive tactics are becoming even more effective at tricking even the most aware. For example, rogue security software often disguises itself as virus alerts, displaying fake warnings with the intent to confuse unfamiliar users. Consumers can learn to become more savvy when it comes to identifying these scam attempts by using the new Real vs. Rogue Facebook app from Microsoft. This app features an interactive quiz that uses actual scam screen images to walk people through a number of security scenarios, and helps them learn to tell if a security warning is from real antivirus software or from rogue security software.
Sixty two percent of adults doubt they will ever fall victim to an online ruse, yet only 12 percent said they feel fully protected. As part of shoring up defenses against online fraud, the Real vs. Rogue Facebook app can help people learn to think twice before clicking on a security warning.