January 2008 - Posts

Microsoft Windows CardSpace and the Identity Metasystem
A friend of mine (Ole Tom Seierstad, the Norwegian CSA) just published a very interesting article on Microsoft Windows CardSpace and the Identity Metasystem. So, have a look. Happy reading Roger Read More...
Securing My Infrastructure: Introduction (part 2)
Looking at Jack's comment to my initial post this morning (Securing My Infrastructure: Introduction) it seems that I have to give you some additional information: So let me start with the goal of this network: Basically I started to build it on one server Read More...
LiveMessenger Trojan in the Wild
At the moment we are tracking a Trojan that is spreading through Messenger and AIM. It is called Win32/Pushbot.BD and you can find additional information on our Malware Protection Center. This just gives me the opportunity to remind you that you definitely Read More...
Posted 29 January 08 09:11 by rhalbh | 1 Comments   
Securing My Infrastructure: Introduction
As you probably know, some time ago, I asked for feedback and themes you are interested in. Some of you replied to me privately, some with comments and I would like to thank you for the constructive feedback. One of the inputs I got several times is that Read More...
Usually our customer support is not THAT bad (taking 10 years to call back :-))
Microsoft Customer Service Calls Back 10 Years Later Roger Read More...
Posted 25 January 08 08:59 by rhalbh | 0 Comments   
“Creative Capitalism” by Bill Gates
In the Wall Street Journal there is a preview of Bill's speech today at the World Economic Forum (they are actually flying over my house going to Davos – I hear them all the time :-) ). It is a pretty interesting reading on new ways how capitalism could work not Read More...
Posted 25 January 08 08:53 by rhalbh | 0 Comments   
Was the plane crash caused by hackers?
If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which happens to me pretty often): There are reports that the plane crash last week could be caused by hackers attacking the plane before take-off in Beijing…. Al-Qaida Read More...
Posted 24 January 08 08:47 by rhalbh | 0 Comments   
CERT’s Secure Coding Standards
Something that might be worth looking at: Carnegie Mellon's CERT just published two Secure Coding Standards: One for C++ and one for C. I had no chance to look into this and understand how this compares to our Writing Secure Code but it is definitely Read More...
Posted 24 January 08 08:44 by rhalbh | 0 Comments   
Jeff’s Vista One-Year Vulnerability Report
Jeff released another report: He is looking back into one year of Windows Vista. We had the discussion about the value of vulnerability comparison and I do not want to open another discussion thread about that. But as long as we hear that our products Read More...
What can you do if you are a victim of e-crime?
I think that there is a very good example of how a platform could be offered for victims of cyber crime. There are often questions around: What are my rights? What can I do if something bad happens? Who is here to help?... www.e-victims-org offers answers Read More...
What is more important: Security or Privacy?
This is basically a very interesting and pretty fundamental question for the society. After 9/11 the US changed the way they work significantly. Just as an example: Airlines had to give the US government information about passengers flying to the US that Read More...
2-year old terrorist
Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog on this (you find the article about an insecure TSA-website here) but then I drilled into the comments and there is one that actually shocked me (well, Read More...
Posted 16 January 08 08:43 by rhalbh | 1 Comments   
Investigating new public reports of Excel vulnerability
I guess, you have seen this but I just want to make sure: Vulnerability in Microsoft Excel Could Allow Remote Code Execution. I would like to quote two things: Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel Read More...
Oracle DBAs rarely install Patches
Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle databases. Even though you could challenge their findings (they asked only 305 people) and it therefore only shows half the truth, it is really scary (I quote): Read More...
Posted 15 January 08 08:43 by rhalbh | 1 Comments   
Participate in the Windows Server 2008 Security Guide Beta program!
We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll out Windows Server 2008 soon, participate and have a look at it: Here is the Technet Executive overview. To join the Beta program, click here. Roger Read More...
Hacker sent to jail
You remember my post on The Economy of Cyber-Crime? One of my claims was that you need to work with Law Enforcement in order to increase the cost for the criminals – and here we have one of the outcomes: Norcross hacker sent to prison I quote: William Read More...
Posted 12 January 08 12:11 by rhalbh | 0 Comments   
Even the FBI has to pay the bills
No comment: FBI wiretaps dropped due to unpaid bills Roger Read More...
Posted 12 January 08 11:58 by rhalbh | 0 Comments   
There it is – the security Silver bullet
I love that: There is finally software that is free of bugs and completely secure. Hmm, this kind of reminds me of the world-famous marketing campaign of a big software company which called itself "unbreakable". However, let's be fair: There is an article Read More...
Posted 12 January 08 11:43 by rhalbh | 1 Comments   
Video about the future: Bill Gates’ last day at Microsoft
Watch this: http://video.msn.com/video.aspx?mkt=en-us&vid=be9075bb-df0a-41c9-8d86-7ded46627e26 If you want to see the whole CES keynote: http://istream.edgeboss.net/wmedia-live/istream/30743/750_istream-ces2008_080102.asx Roger Read More...
Posted 07 January 08 08:39 by rhalbh | 1 Comments   
How to Phish yourself :-)
A guy in the UK wanted to prove that the loss of two CDs is not really serious and published his bank account details – and lost £500 to a charity :-) Clarkson stung after bank prank Roger Read More...
Posted 07 January 08 08:17 by rhalbh | 1 Comments   
Hacking a Boeing 787
It seems that the new Dreamliner has a serious security vulnerability: FAA: Boeing's New 787 May Be Vulnerable to Hacker Attack Roger Read More...
Posted 06 January 08 10:46 by rhalbh | 0 Comments   
Extranet Collaboration Toolkit for SharePoint - Beta
Working together within different organizations and companies is always a big challenge. How can you work within different workspaces and share documents etc.? Usually you use e-mail as the core infrastructure to share information. We just released a Read More...
You thought Worms are gone? Think again!
I am one of the security guys saying that the likelihood for us seeing events like Blaster or Slammer again is very, very low (this shall not be a "call to action" for the criminals…). I think that the measures the whole industry took as well as the increased Read More...
Analysis of recent vulnerabilities
Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked into. This is pretty interesting as it shows certain challenges of current processes (e.g. what do you do with third-party software you rely on?): Recent Read More...
IPSec Interop
Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting follow-up link: How to implement IPSec between LINUX and Windows Vista: Why use IPSec network security? Roger Read More...
Posted 01 January 08 04:51 by rhalbh | 0 Comments   
I could not resist...
... on the one hand to wish you all a Happy New Year - but on the other hand: This is the view I had this morning during breakfast - immediately before I got ready to get on the skis :-) Have a good time Roger Read More...
Posted 01 January 08 04:29 by rhalbh | 1 Comments   
