October 2008 - Posts

Hacker arrested for Video Giving Tips for ATM Skimmers
It will be interesting how you see it. When I blogged on Suspended Jail for Hacking Tutorial in France, I got quite some negative feedback like “do you have nothing better to do than to go after these guys”, “why should it be illegal to publish such Read More...
Risk of Outsourcing (and Security Outsourcing)
I am often asked about the risks of outsourcing (we often talk about processes, legal risks (e.g. Data Protection), etc.) – the list is very long. Today I read an article which touches a completely different issue: It is all about the security processes Read More...
Getting Ready for TechED EMEA
It is as so often, autumn is the time when all the big events are happening in EMEA. This week was RSA Europe (or I think still is) and next week I am looking forward to TechEd EMEA in Barcelona. So, I worked at RSA Europe on Monday and Tuesday on the Read More...
Posted 29 October 08 10:34 by rhalbh | 2 Comments   
H1 OS Desktop Vulnerability Report – Get It Now
You might know Jeff Jones' work on the different vulnerability reports comparing different products and vendors. Our goal is to understand and measure our progress and see where we stand with regards to the industry. Today, Jeff released his OS Desktop Read More...
More Details on the MS08-067 Vulnerability
Our security team just published an excellent post with a lot more details on the vulnerability we patched. You should definitely read it: http://blogs.technet.com/swi/archive/2008/10/23/More-detail-about-MS08-067.aspx Roger Read More...
Posted 23 October 08 08:13 by rhalbh | 1 Comments   
MS08-067 Out of Band Released
This is just to inform you that we just released the announced out of band security update MS08-067. Please read the bulletin carefully and then apply the update as soon as possible. Roger Read More...
Posted 23 October 08 08:03 by rhalbh | 1 Comments   
Out of Band Security Update to be Released
I guess you have seen this already but wanted to make sure that we are reaching you: We are planning to release an Out of Band Security Update today 10am Pacific Time (which is 18pm GMT). This update will affect all currently supported versions of Windows. Read More...
“Stacked against hacks” in World Finance
I recently had the pleasure to be part of an article in World Finance called Stacked against hacks Visit the virtual version here and go to page 60 and 61 Roger Read More...
Posted 20 October 08 09:44 by rhalbh | 2 Comments   
Microsoft Security Assessment Tool v4.0 available
I already blogged a few times on MSAT (the Microsoft Security Assessment Tool). We just released a new version for it, version 4. For those of you who do not know MSAT: MSAT is a free (stress: free) Risk Assessment Tool mainly targeted at Small and Medium Read More...
Two Important Changes Today to Our Bulletin Process
Today is the day! At Blackhat in August we announced two significant changes to our bulletin release process and today it is the first time this actually kicks in. Just to recapitulate: What did we change? We introduced the Microsoft Active Protections Read More...
Posted 14 October 08 08:31 by rhalbh | 0 Comments   
Windows 7 is called Windows 7
Cool title, isn't it? And you really read this post? Well then: We announced yesterday at PDC that we now will name the next version of Windows as we code named it: Windows 7! So, you can read Mike Nash's blog post about that: http://windowsvistablog.com/blogs/windowsvista/archive/2008/10/13/introducing-windows-7.aspx Read More...
Deploying IPsec Server and Domain Isolation using Windows Server 2008 Group Policy
As you know (at least I hope that you do) we introduced Network Access Protection with Windows Server 2008. Thomas Shinder now published an article on WindowsSecurity.com about how to implement NAP and IPSec and Domain Isolation via Group Policies. It Read More...
User Account Control and What We Learned
It is still something, people love to blog about: User Account Control. It is one of the most discussed features in Windows Vista. Now, our engineering team published a blog about the learnings and a few things about what we are going to do in Windows Read More...
Posted 12 October 08 10:41 by rhalbh | 0 Comments   
Network Access Protection Design Guide
If you are looking into deploying Network Access Protection, have a look at the recently published Network Access Protection Design Guide Roger Read More...
Challenging the 10 Immutable Laws of Security
You probably know them: The 10 Immutable Laws of Security, we published I think around 2000 and they were often cited. They are: Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore Law #2: If a bad Read More...
Posted 10 October 08 07:49 by rhalbh | 0 Comments   
Once Again: A Scam using Microsoft’s Name to Install Malware
It happens pretty often but this time it seems to be wider spread than normal as our traffic with regards to this issue is higher than usual: There is a mail circulating pretending that it is coming from Steve Lipner here at Microsoft telling you to install Read More...
Estonia’s Cyber Security Strategy
Following the attacks on Estonia, they published a pretty interesting paper called Cyber Security Strategy by the Ministry of Defense in Estonia. One thing which I see again and again is that most of the people looking into such strategies conclude that Read More...
SAFECode released “Fundamental Practices for Secure Software Development”
SAFECode just released a new paper called Fundamental Practices for Secure Software Development. This is a collaboration of different people from different companies (SAP, EMC, Symantec, Juniper, Nokia and Microsoft). As you probably know, SAFECode is Read More...
Version 3 of Windows Common Criteria Documentation Available
This is completely new but end of September we published the version 3 of the documentation on the Common Criteria certification for Windows XP SP2 and Windows Server 2003 R2 SP2. Read this in Tim Myer's Blog: Version 3.0 of Windows XP and Windows Server Read More...
Some Thoughts on UAC
I blogged several times already on UAC as this has been (and partly still is) a very disputed security feature in Windows Vista (which I still support!). I just found today a not really new blog post on UAC, which I think is worth reading. It is from Read More...
Why I do not like e-voting (part 3)
It goes on and on and on: Read this one Judge Suppresses Report on Voting Machine Security Roger Read More...
Armored truck robber uses Craigslist to make getaway
This is really clever (sounds like Hollywood but it seems to be real): In a move that could be right out of a Hollywood movie, a brazen crook apparently used a Craigslist ad to hire a dozen unsuspecting decoys to help him make his getaway following a Read More...
