April 2008 - Posts

Public Testing for Office
Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it is but you were unable to locate it? Well, do not get me wrong: Since I am used to the Ribbon, I love it – really. And my wife is all of a sudden able Read More...
Posted 30 April 08 09:09 by rhalbh | 2 Comments   
The recent IIS Attacks
There have been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft Security Response Center has published a post on it: Questions about Web Server Attacks Roger Read More...
Securing your Web Browser
Cert.org published guidance on how to secure your browser. Here you would find them if you are interested: Securing Your Web Browser I am just not clear, how the browsing experience for my mom and dad would be… Roger Read More...
Best Practices for Microsoft PKI & Certificate Management
You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a well-known speaker at quite some events like TechEd and IT Forum. Now, nCipher organized a Webinar on Best Practices for Microsoft PKI & Certificate Read More...
Blogging on MOSS 2007 (SharePoint)
As you probably realized, I stopped the series "How I secure my Infrastructure" as the hit rate on the corresponding posts has been pretty low. However, if I have something which I think is interesting and/or cool, I will still add a post. This one has Read More...
Posted 29 April 08 02:17 by rhalbh | 1 Comments   
How to use a Cellphone
:-) Roger Read More...
Posted 28 April 08 09:24 by rhalbh | 0 Comments   
Security Updates and Exploits
As you may know, we announced version four of the Microsoft Security Intelligence Report earlier this week. Amongst the many interesting findings is data which relates to software vulnerability exploits. I wanted to highlight these as Shoaib, one of my Read More...
Security Pros ignoring their own message
As you probably know: I am Swiss. We have a saying in Switzerland (I do not know whether something like this exists in English as well) that the kids of the shoemaker always have the worst shoes… So, what about the security professionals? No, I am not Read More...
Posted 25 April 08 09:17 by rhalbh | 0 Comments   
Our Malicious Software Removal Tool and Storm
There is an interesting article on the value of the Malicious Software Removal Tool (MSRT – the tool we release monthly to clean PCs) and the fight against storm. It gives you some insight how our Malware Protection Center works and what they did against Read More...
Posted 24 April 08 02:28 by rhalbh | 0 Comments   
Infosec: Security community must work together
Ed Gibson, our CSA in the UK had an interview during Infosec with VNunet. He made some interesting statements: We have a good set of laws in place and they have teeth. But the police have priorities and budgets set by the Home Office and Any one of you Read More...
Technology to Circumvent Censorship (Part 2)
Back in March I blogged on a Technology to Circumvent Censorship . I actually expected some dialogue on this but today somebody posted an interesting comment, I think is worth reading. Just click the link above and look at the second comment Roger Read More...
Posted 24 April 08 01:56 by rhalbh | 0 Comments   
Security Intelligence Report v4 – Live and Ready to be Read
As you (hopefully) know, we publish a Security Intelligence Report every 6 months and today we just released version 4. Let me give you some key findings before you go and read it :-) Basically the intent of the report is, to provide a comprehensive overview Read More...
Posted 22 April 08 12:13 by rhalbh | 1 Comments   
0-Day-Patch – A new Metric for Security?
The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let's be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the day Read More...
The ideal profile of a CSO
I was in Bratislava this week for an IDC Conference. During these kind of events I often talk to the press as well. Additionally I had this time the opportunity to talk to a pretty well-known blogger in Slovakia called Jozef Vyskoč . You may have a look Read More...
Posted 18 April 08 07:00 by rhalbh | 2 Comments   
SDL and End to End Trust
Last week we published – as you hopefully know – our "End to End Trust" whitepaper. If not, please read my blog post on it :-) Now, Eric Bidstrup just commented on End to End Trust in the light of the Security Development Lifecycle (or better: the other Read More...
Hacking Back?
Pretty often there is a discussion how far it is allowed to hack back. I was just reading an interesting post called Hackers Could Become The Hacked? which I wanted to share with you Roger Read More...
Posted 16 April 08 09:50 by rhalbh | 0 Comments   
Office Binary Formats on the Web
I just wanted to make you aware that we put the Office Binary Formats on the web. We did this for interoperability reasons but often this can be very useful for forensics as well: Microsoft Office Binary (doc, xls, ppt) File Formats Roger Read More...
How long does it take to hack a Power Plant?
I start to get scared – more and more. Back in September I blogged on Critical Infrastructure Protection – Live which shows what would happen if somebody would be able to tamper with power generators. Now, during RSA there was a guy called Ira Winkler Read More...
“The Security Business has no Future” (Quote by IBM)
This is actually an interesting statement. If you had ever to deal with the press you know how these headlines are composed. It might be that the person actually made the sentence in this way – the question is whether he meant it so absolute. Nevertheless, Read More...
Posted 14 April 08 08:52 by rhalbh | 1 Comments   
Forefront Codename “Stirling” Beta ready for Download
I had the opportunity to see the Beta of our next generation of Forefront environment the first time last week and I think that it rocks. Have a look yourself and/or download the beta: http://www.microsoft.com/forefront/stirling/en/us/default.aspx Roge Read More...
Posted 09 April 08 04:08 by rhalbh | 0 Comments   
End-To-End Trust: We want your Feedback
You probably saw my blog post on End-To-End Trust last week. This week at RSA Craig Mundie, Microsoft's Chief Research and Strategy Officer, talked about our ideas and views on this topic. In parallel, we announced the availability of a Whitepaper on Read More...
Building a faster Internet
Does not solve any of the security problems (challenges?) but it sounds promising anyway Building A Faster Internet Roger Read More...
Posted 05 April 08 10:14 by rhalbh | 0 Comments   
Security Compliance Management – Beta Available
Compliance is the theme of the day at the moment. We often even see the Security Officers starting to report to the head of compliance. So, if you are interested in this, we just launched the Security Compliance Management Beta for you to download. I Read More...
Posted 04 April 08 08:36 by rhalbh | 1 Comments   
Where next? – Watch out for RSA
We are six years into Trustworthy Computing (TwC). When we launched it, we said a number of things: "It is a 10-year vision". Well, that's something we have had to update. As long as there are criminals out there using the Internet to steal, Trustworthy Read More...
Security Risks of VoIP
Internet Telephony Has Security Problems : This was an interesting read this morning for different reasons: First of all, it is not surprising (even if we would not have known the problems it would have to be expected). I liked the statement: The goal Read More...
Posted 03 April 08 08:42 by rhalbh | 0 Comments   
How to do security in Development
Michael Howard just pointed us to a resource that could be interesting for you as well – it was new to me at least :-) We have a set of short videos (3-10 min.) on how to address some security challenges in development: "How Do I?" Videos for Security And Read More...
Posted 02 April 08 04:09 by rhalbh | 0 Comments   
All the Vista SP1 Features where you have time to read them :-)
I just found this blog post: In Japan there is toilet paper with all the Vista SP1 features on it…. At least, there you have time to read Windows Vista SP1 Toilet Paper - It's really available now Roger Read More...
Posted 02 April 08 10:18 by rhalbh | 0 Comments   
Microsoft Diagnostics and Recovery Toolset
Well, we call it simply DaRT. You know the feeling: A machine does not boot anymore, crashed, has a virus you cannot clean with the OS in a running state or any of the other nightmare scenarios in daily operations of computers. Since quite some time there Read More...
Posted 02 April 08 07:37 by rhalbh | 10 Comments   
The Death of the DMZ = The Death of the Castle
Since quite some time we are talking about the "Death of the DMZ". This seems a little bit provocative but I am convinced that it is coming very close to the truth. Do not get me wrong: I do not think that you should replace your firewall with routers Read More...
Posted 01 April 08 01:10 by rhalbh | 0 Comments   
