
Browse by Tags

All Tags » Security
One of the more interesting sessions I went to yesterday was a talk by Chris Hoff called "The Four Horsemen of the Virtualization Apocalypse." (If you've never read Hoff's blog, you should check it out at http://rationalsecurity.typepad.com/.) I thought Read More...
So, this afternoon, I'm in the Microsoft booth at Black Hat when this guy comes up (badge hidden of course) and starts talking to some of my colleagues. Right away, it was pretty obvious that he was antagonistic. I will refer to him as "h8er" from here Read More...
Yesterday at Black Hat 2008, along with some other stuff, we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft Read More...
Tomorrow, I set off for Black Hat 2008 in Las Vegas to join colleagues that are already there (see Defend the Flag: Roguery Abounds!, over on the new MSRC Ecostrat blog.) As always, I am excited to head over to this conference to see if anything new Read More...
In case you didn't see it, the Microsoft Security Response Center (MSRC) team just announced the release of three tools to help customers fend off SQL injection attacks: UrlScan 3.0 Beta (see Wade Hilmo's blog for more), a security tool that restricts Read More...
I wanted to mention to folks that a new Security Development Lifecycle (SDL) web site went up earlier this month on microsoft.com. Amazingly, you can navigate to it via http://www.microsoft.com/sdl, instead of some long name you'd never remember. Of Read More...
With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option – Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer Read More...
This paper is a compilation of vulnerability data for client operating systems for the first 3 months, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista, Microsoft Windows XP SP2 Read More...
In the wake of my Windows Vista One Year Vulnerability Report, I have received many questions regarding the current vulnerability record of Windows Vista as compared with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Read More...
I was excited when Dr. Crispin Cowan joined the company a while back - what security person wouldn't be! As one of the key drivers behind StackGuard, Linux Security Modules and co-founder of Immunix, which produced AppArmor - few people are as qualified Read More...
Yesterday was a busy day, so I got a bit behind with my updates on RSA, but I wanted to post about the Microsoft keynote, in addition to the others I attended. Format was fireside chat, with Craig Mundie, Microsoft's Chief Research and Strategy Officer Read More...
In the past, I haven't always stayed to hear the Crypto panel, but based upon the excellent one this year, I'll definitely include it in my plans going forward. If you want to hear an overview of what they all said, I can recommend Robert Vamosi's story Read More...
With less than a week until RSA Conference 2008, I want to provide a short preview of planned RSA activities. As we have been in the past several years, Microsoft will be very active at the security conference with a Keynote by Chief Research and Strategy Read More...
First, let me express a caveat. I don't really care for "hack the box" contests. If a machine doesn't get hacked, it does not mean it isn't breakable. If it does get hacked, it just shows us what we already know - any machine can be broken under the right Read More...
UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf. As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am Read More...