Browse by Tags

You deployed MS09-008 – are you now protected?
You might have seen several reports that MS09-008 does not protect you from the vulnerabilities. We reviewed these claims and customers who have deployed MS09-008 are protected from the four vulnerabilities. If you want to have the details, you should Read More...
Would a properly managed IT have withstood Conficker?
Before I start here: Let’s be clear that I will not say (and will never say) that if a customer was infected with Conficker he had a poorly managed network! I had a lot of discussions over the course of time about the reasons for customers being infected. Read More...
Conficker and Microsoft Anti-Malware Software
I want to add a few things as it is still not over: More and more enterprises are still hit. My last blog post showed you what you can do but I wanted to add two resources and a comment. The comment first: There were some discussions about our Anti-Malware Read More...
Russian Roulette with your Network
First of all, before I really start, I hope that you all had a great start in 2009. Mine was actually pretty mixed. The good side was how my year really started and what I saw when I looked out the window on January 1st (yes, I was on vacation skiing Read More...
SQL Injection – again?
This week I had – again – a longer mail thread on SQL Injection attacks. Probably it caught me at the wrong moment, as it was a very long week preparing for the IE Out of Band making sure everybody knows what they have to do. And then… I was actually Read More...
Security Risks in the Supply Chain?
At the moment I am travelling through the Gulf in order to launch the Security Intelligence Report v5 with local data. During one of the discussions today, a question was raised which I was thinking about quite some while (but – honestly - do not have Read More...
Risk of Outsourcing (and Security Outsourcing)
I am often asked about the risks of outsourcing (we often talk about processes, legal risks (e.g. Data Protection), etc.) – the list is very long. Today I read an article which touches a completely different issue: It is all about the security processes Read More...
Security through Collaboration
If you ever heard me keynote an event you know that one of the key messages I have is, that partnerships are necessary in order to be able to protect against today's threats. At Black Hat USA we just announced a new program called Microsoft Active Protections Read More...
New Information on SQL Injection Attacks
I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting Unverified User Data Input) where we added some additional information. This is especially important as we did not "only" publish guidance but tools Read More...
Posted 24 June 08 10:38 by rhalbh
The latest SQL Injection Attacks
Well, there was quite some chatter over the last few weeks with regards to the massive defacements we saw based on SQL Injection Attacks. So, what was really new? Close to nothing. Well, this is not completely true. The new thing we have seen with these Read More...
0-Day-Patch – A new Metric for Security?
The Federal Institute of Technology in Zurich released a study at Blackhat, which is definitely worth looking into. Now, let's be serious: They looked at a metric they call 0-Day-Patch being the number of patches a vendor is able to release at the day Read More...
Oracle’s answer with regards to Security Patches
You probably remember my post regarding Oracle DBAs rarely install patches. It was about a study where Sentrigo claimed (after having asked 305 people) that more than 2/3 of Oracle DBAs do not install the patches provided by Oracle. Now Oracle recently Read More...
Insights into our Security Vulnerability Research
Secure Windows just started a blog which could be of interest for you as well. They will give some more insights into our vulnerability research and the outcome thereof. Definitely something worth keeping an eye on, especially if you have a technical Read More...
