April 2007 - Posts

Analysis of ANI vulnerability
Michael Howard did a very good analysis of the ANI vulnerability and showed what we learned and where we will improve SDL (the Security Development Lifecycle). He posted that on our new SDL bog: http://blogs.msdn.com/sdl/archive/2007/04/26/lessons-learned-from-the-animated-cursor-security-bug.aspx Read More...
Posted 27 April 07 09:18 by rhalbh | 0 Comments   
Filed under ,
Three Microsoft Announcements
Last night Vinny Gullotto made some significant announcements at RSA Japan. At least for us they are significant: We published the second Security Intelligence Report. Now, you might ask, we this is significant. Think about the data sources, we build Read More...
Posted 25 April 07 09:08 by rhalbh | 5 Comments   
Filed under , ,
Risks in Online Calendar Sharing
Do you know that scenario: My wife would like to fix a meeting and should have access to my calendar. I am not available, therefore she cannot just call me but - again - she should see my availability. Not uncommon, isn't it? A typical solution for this: Read More...
Posted 25 April 07 10:25 by rhalbh | 0 Comments   
Filed under ,
Yet another UAC discussion
If I would have to nominate the number one feature of Windows Vista, it would be UAC. Not because I think that it is the most important feature (it is one important feature among a lot of others) but because UAC caused an unbelievable amount of press. Read More...
Posted 23 April 07 11:46 by rhalbh | 1 Comments   
Filed under ,
Protecting your disk with biometric devices?
As you (hopefully) know, Windows Vista ships with a component we call Bitlocker - at least some of the Windows Vista versions do. Now, Bitlocker can be run with different way of protecting your keys: a TPM chip (basically a smartcard on your motherboard), Read More...
Posted 23 April 07 12:41 by rhalbh | 3 Comments   
Filed under , , ,
Haven't we seen this already? Disgusting!
Remember the days back when Katrina hit New Orleans? The tragedy was still going on and the first phishers started to launch an attack - disgusting. Guess what is happening now with the Virginia Tech shooting? There were now sites registered carrying Read More...
Posted 19 April 07 12:06 by rhalbh | 0 Comments   
Filed under
Trustworthy Computing is an Industry Initiative
Remember the early days of Trustworthy Computing? 2002 I started to give keynotes about TwC - as we call it - and told the "world" about what we think should be done in the industry in order to regain trust. I usually compared it with the power network: Read More...
Posted 13 April 07 08:16 by rhalbh | 0 Comments   
Filed under ,
Mapping the Malicious Sites on the Web
McAfee SiteAdvisor did an interesting study about the number of malicious sites per domain on the web: http://www.siteadvisor.com/studies/map_malweb_mar2007.html They have an interactive map that helps you to get an overview of the different threats per Read More...
Posted 13 April 07 08:13 by rhalbh | 1 Comments   
Filed under ,
An E-Mail-Bot Analysis
Well, we all know that we shall not click on links in mails and stuff like that. Marc Russinovich did an interesting analysis of a pretty simple bot: http://blogs.technet.com/markrussinovich/archive/2007/04/09/741440.aspx What I like as well is that is Read More...
Posted 10 April 07 03:08 by rhalbh | 0 Comments   
Filed under ,

Search

This Blog

Chat directly with me if you want. Go to my About page to find a web messenger!

Visit ourPhoto Gallery

Locations of visitors to this page

Rogers Security Blog at Blogged Add to Technorati Favorites

Syndication

Page view tracker