April 2006 - Posts

Accept the Geek in you - join a Geek Dinner!

Browse here to find out more about the most recent London Geek dinner. There's another one coming up on Tuesday 16th of May - it's a Girl Geek Dinner so you'll either have to be a Girl or persuade one to take you along! Full details of the upcoming Girl
Posted by Steve Lamb | 0 Comments

What should a User Group be? A New Information Security User Group is taking form

Many people at InfoSec expressed great interest in joining a new User Group that's focused 100% on Microsoft Information Security - it's being run by MVPs (Most Valuable Professionals). We discussed the essence of the various different successful User

Is there any way for Malware to attach itself to Word Documents OTHER THAN VIA MACROS?

There are many well known pieces of Malware that target Microsoft Word Macros - hence they are turned off by default in recent versions of the software. Following Yvonne's comment re. how to keep Malware off your systems we spoke to discuss how to clean

Update re. how to deal with Phishing on OSX

Following my recent post, James has referred me to Mactopia which confirms that IE has indeed been discontinued for OSX. I'm sure this isn't exactly ground breaking news to Mac aficionados. If any of you are reading this then I'd love to hear how you

Information is NOT Power. Effective Security enables Powerful decisions

Information is NOT Power. Timely access to accurate information can give the holder the ability to make powerful decisions. Effective Information Technology can enable the required flow of information. Inappropriate Information Security Policies, Processes,

Directions to the TechNet and MSDN Roadshow in Birmingham

If you're planning to join either TechNet or MSDN @ our Technical Roadshow in Birmingham this week (Tuesday is Infrastructure day, Wednesday is Developer day) then I recommend considering the Train as your means of transport if you're travelling from

Is there a way to stop Phishing on the Apple Mac's Safari Browser?

I'm not casting aspersions on Apple's Safari browser in any way. @ InfoSec I discussed Internet Explorer 7's Phishing filter (for Windows XP and Windows Vista) - several people asked me WHY Microsoft don't provide something for the Mac to help mitigate

How to improve the level of assurance in your Windows System integrity and data integrity - Windows Vista's Bitlocker feature

The most popular area of discussion I experience regarding Microsoft @ InfoSec related to Bitlocker (a feature of the high-end SKUs of Windows Vista) - formerly known as Full Volume Encryption and Secure Startup. There's some interesting discussion in

It was great to see so many of you @ InfoSec in London this week.

InfoSec (uber security show in London >10,000 attendees) this week has been great fun. Hard work by the entire Microsoft and MVP team together with all the associated agencies, crew and behind the scenes folk. Our aim of giving purely technical information

Looking for increased security via Trusted Platform Module (TPM) support such as Windows Vista's Bitlocker

Andy made an interesting comment regarding his interest in Trusted Platform Module (TPM) hardware based security to complement the software controls in his environment. I'm not familiar with the 3rd party he refers to (Wave) though can highly recommend

What's your view of multi-factor authentication?

Steve Riley's looking for your feedback on what works for you - please browse to here and give him your comments. I like smart cards and wouldn’t dream of accessing sensitive information on a machine that isn't managed by someone I trust. I don’t like

Internet Explorer 7 Beta 2 is now available - download IE7 here

Click here to download Internet Explorer 7 Beta 2. IE 7 is nearing release bringing with it a wealth of security improvements including significant re-engineering and new features including the anti-phishing filter. Much will no doubt be made of the

Join Rafal for a free event covering Identity Management

Browse here to register for Rafal's free event - it's running in the UK (Reading) on the 17th May. Rafal's frequently the top rated security speaker at TechEd and IT Forum. The event is described as follows: “A typical corporate user spends an average

Will end users turn off Windows Vista's User Account Control feature?

This is the final part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Part 1 was: Let's review how privilege is used in Windows NT, XP, 2000 and 2003 : Part 2 was: How will User

How will Windows Vista's User Account Control (UAC) work?

This is the second part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Part 1 was: Let's review how privilege is used in Windows NT, XP, 2000 and 2003 : The access control mechanism

How to keep your system(s) safe from Malware including Spyware, Worms, Viruses and Rootkits

Many of us are concerned about the ever increasing threat to information security and business continuity posed by malicious software. Before delving into ways to deal with malicious software it’s important to ensure that we are all familiar with the

How is privilege used in Windows XP, NT, 2000 and 2003. What are DACLs and SACLs

This is the first part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Let's review how privilege is used in Windows NT, XP, 2000 and 2003: Objects including files, services and the

InfoSec 2006 is just around the corner - if you're in the UK and interested in security it's well worth a visit

Browse here to find out more about the event. InfoSecurity (InfoSec) Europe 2006 is an exhibition and symposium held in London from the 25th to 27th April. As I've mentioned before it's a huge event - typically over 10,000 IT and security professionals

A "Plain English" description of what we mean by RPC over HTTP(S)

Eileen's posted a nice concise description explaining "what is RPC over HTTP(S)". As we move away from requiring Virtual Private Networks (VPNs) to using Secure Socket Layer (SSL) as a transport we gain flexibility, a better user experience and a reduced

What do all those acronyms mean? Where's an accurate technical dictionary of Microsoft terminology?

The Microsoft Developer Network (MSDN) provides an excellent technical reference for terminology used in Microsoft products. You don't need an MSDN subscription to access the dictionary - just browse here

How to mitigate the threat posed by malware and how Windows Vista will help in the long run

Many of us are concerned about the ever increasing threat to information security and business continuity posed by malicious software. The more I study malicious software the more I believe that as an industry we need to focus our efforts upon preventing

Why doesn't SMS check to see whether I've actually installed security updates before inflicting them upon me?

The SMS client is present on my computer (Windows XP SP2) to ensure that it's up to date with security updates. I think that's a good thing. I happen to also use Windows Update and therefore tend to have security updates on my machine before I arrive

What is a firewall, ISA Server and caching in layman's terms - here's a simple analogy

Earlier today I was asked "what is ISA Server?" - the person who asked me was completely non-technical and therefore I held off from answering "Internet Security and Acceleration Server - it's an Application Layer Firewall with integrated Cache" as this

How to recover from Malware infestation? How to avoid getting malware in the first place

I encourage customers to architect machines such that data is stored in a separate partition of the hard disk – this makes it far less painful should the worst case scenario of machine rebuild be required. It’s certainly true that insidious malicious

Traffic information MashUp

Click here to play with the Traffic Information MashUP - and here to find out what a MashUP is! In layman's terms a MashUp is where you (as an application developer) build upon an existing application - the term comes from DJs mixing music samples. Try

Why can't regular users shutdown Windows Server 2003?

Perhaps this is obvious for a production system - you'd hardly want end-users to be able to shutdown the server. If you're using a Windows Server 2003 system on a laptop as perhaps a demo, dev or test system then you may want regular users to be able

I'm NOT a Girl!

...but I have been to a Girl Geek Dinner and plan to go to more. As the name suggests they focus on the female perspective of technology. Of course I have no idea how many of you are Girl Geeks - if you are one then you can add your name to the WIKI and

Security Quick Reference - here's a list of security resources for IT Pro, Dev and Consumers alike

Security Quick Reference Guidance The Security Guidance Centers provide the most prescriptive security guidance Microsoft has to offer as well as security tools, security response information, such as security bulletins and virus alerts, to assist in

Here are some Online Technical Security resources that will help you keep up with Microsoft Security Innovations

The Microsoft Security Newsletter is a monthly electronic newsletter that's tailored for IT Professionals and Developers to provide the latest Microsoft Security news together with tips for getting the most from our products. The Security Webcast Calendar

Is Effective Information Security an ART or a Science?

Let's start with a definition to set the tone - this is one I've made up: "Effective Security enables business to be MORE effective whilst minimising risk to an acceptable level as defined in a meaningful security policy that has teeth". I'm sure one

Get answers to difficult questions and debate security solutions with experts at InfoSec 2006 in London

Browse to our InfoSec2006 page to read about the free education sessions and debates we'll be hosting. The main InfoSec event site is the place to go to secure (no pun intended) a free place at the event - if you turn up on the day (three days actually)

Where can I find out how to write secure code?

The Microsoft Application Security Website is a UK based resource that aims to help you write more secure code. The site includes links to the Developer Highway Code which is named after something that's only likely to make sense to those of you who have

MSDN invite you to join SPI Dynamics for a "Web Application Hacking Workshop"

Let's get this straight to start with MICROSOFT WILL NOT BE TEACHING YOU HOW TO HACK! Our partner SPI Dynamics are experts in the field of writing secure code and helping customers to measure and improve the quality of software. The event itself is free

It's true - Virtual Server 2005 R2 IS now available as a free download!

Click here to read devcenter.com's post announcing that Microsoft's Virtual Server 2005 R2 is now available as a free download. There's more information available on the Microsoft Virtual Server website. For more information about Virtual Server 2005

Register for the Technical Roadshow - see Windows Vista, Office & Exchange 12, Server 2003 R2 and ISA 2006

We hope you can join us for this year's Technical Roadshow - we're visiting five destinations in the UK for a series of technical sessions. Last year's event was successful due to the involvement and interaction of each of the participants. THIS IS NOT

ISA 2006 Public Beta together with Technical Product details and User Interface Walkthroughs

Internet Security and Acceleration Server is an established security product that's been in production environments since the year 2000. The second major release of the product was denoted "ISA 2004". ISA 2004 majors on protecting Microsoft Server applications

Big Sunday: The best wind I've ever experienced in the South East of England

OK so this isn't security related... It's Monday morning and I can't help but share the most amazing day's Windsurfing I've ever enjoyed. I live near London in the South East of England - this is generally the best time of year for wind though rarely

How to securely publish multiple HTTPS websites on a single port via ISA

At last week's PKI TechNet event in Reading several people asked how to get around the challenge of allowing multiple certificates to be used (corresponding to individual HTTPS web sites) in conjunction with ISA's web server publishing feature. For those
 