I do not want to comment this but it is a fairly interesting article on Snowden's Revelations, the consequences and the legal frameworks.

Definitely worth spending the time: Making Sense from Snowden: What's Significant in the NSA Surveillance Revelations

Roger

I guess you are aware of the phone scams, when Microsoft support is calling you to tell you that you have an issue on your computer, which needs to be fixed. A Norwegian team was actually able to film that. The whole conversation with the "supporter" is in English (the rest in Norwegian) and is definitely worth looking at - The article (in Norwegian but Bing Translator helps) can be found here: Her prøver Windows-svindlerne å lure kredittkortet fra oss

Roger

To be clear upfront: After support for Windows XP will end, the world will still exist – at least I hope. However, over the course of the last few months I read numerous articles with speculations, what is going to happen, once we stop support of Windows XP. The key problem is, that we do not know at all – there is no precedence. When Windows 2000 went out of support, there were much less systems still in use. This is a huge challenge with Windows XP.

There are a few things we know today:

• The last day we issue security updates for Windows XP SP3 will be April 8^th, 2014
• There will be a lot of systems after this date, which will still run Windows XP (any Service Pack).
• There will be vulnerabilities, which are in Windows Vista, Windows 7, and Windows 8, which will affect Windows XP as well.

The last point is a guess, however, the likelihood is very, very high. What does that mean for you and for the ecosystem? Starting from April 8^th, there will be zero-days for Windows XP. By definition a 0day is a vulnerability, which gets known to the public and the bad guys before there is a security update by the vendor. As there are no security updates anymore, there will be 0days at the moment we release an update for a vulnerability, which is in Windows XP as well. How off does that happen? According to The Risk of Running Windows XP After Support Ends April 2014:

Between July 2012 and July 2013 Windows XP was an affected product in 45 Microsoft security bulletins, of which 30 also affected Windows 7 and Windows 8.

Basically, migrating off Windows XP is definitely the preferred way to go from my point of view as you cannot expect a 12 year old operating system to protect you against today's threats. However, I am aware that certain systems cannot be migrated or certain users and companies do not want to migrate off (or do not have the means to do). If you cannot migrate, shielding the systems and applying a defense in depth approach from the network to the application layer seems to me the only way to go. If you do not want to migrate – well, you should definitely think again. It is time.

If you or your management needs more data and insights, there is a fairly good analysis done by the team, which runs the Security Intelligence Report called Software Vulnerability Exploit Trends. This gives you some insights as well.

Finally, you might remember the two slides, I promoted in Security in 2013 – the way forward?. The slides can be downloaded here and I do not only give you permission to use them, I would motivate you to!

In the meantime, our Windows marketing team wrote a blog post How the evolution of security threats impacts businesses, where you find a great infograph (to the left) with the evolution of Windows and the Internet since 2001. You can definitely use this to promote any type of migration and protection.

Roger

This morning, I was reading a very interesting article called Unique in the Crowd: The privacy bounds of human mobility. This is the abstract:

We study fifteen months of human mobility data for one and a half million individuals and find that human mobility traces are highly unique. In fact, in a dataset where the location of an individual is specified hourly, and with a spatial resolution equal to that given by the carrier's antennas, four spatio-temporal points are enough to uniquely identify 95% of the individuals.

Before we go deeper into the subject, the situation above reminded me of Monty Phyton's Life of Brian:

<iframe width="420" height="315" src="http://blogs.technet.com//www.youtube.com/embed/jVygqjyS4CA" frameborder="0" allowfullscreen></iframe>

But now back to the subject. The example above, to me, just shows one of the key challenges we face, when we look at all the data, which is generated about us. If this data starts to get analyzed for behavior patterns, even the most innocent data all of a sudden might become very sensitive. If you look at the Big Data scenario, in my opinion it gets even worse as then we start to correlate non-identifiable information and very fast we will run into privacy-related issues.

Let's take the example above: They are able to uniquely identify the individuals based on their pattern how they move. Additionally, you could look at the data to figure out, where they were most – and typically you can fairly easily find out where they work and live. This means, that you can fairly fast (with a little additional effort) not only identify such patterns but even link that pattern to a name and all the doors are now open to "abuse" this data for any kind of purposes.

All these issue do not scare me from a security perspective at the moment but from a privacy approach – and for most consumers, there is no real difference

Roger

Trustworthy Computing in partnership with Microsoft IT, Microsoft Consulting and the product groups just released a series of videos on targeted attacked and how to defend.

I would definitely urge you to listen to them and make sure you implement the countermeasures: Targeted Attacks Video Series

Roger