• Hackers getting Jobs in the Industry

    This is a theme that has been quite controversial for a long time: Is it a good idea to hire known hackers to improve the security of your products? It was an interesting process to follow some time ago, when the guy who wrote Sasser (and brought down several networks) was arrested by law enforcement and, even during the trial, got a job in the security industry. Pretty good deal, isn't it? Beforehand he had no job, nothing. Afterwards, he did not have to go to jail but got a job.

    Now, today an article struck me, reporting that different hackers are moving to the software industry: Hacker movements: Murphy joins Apple; Caceres to Matasano

    What do you think about it? Are these the right people to secure our networks and/or products? Do they even have the right skill-set?

    I am interested in your view.

    Roger

  • Performance and Reliability Update for Windows Vista

    Today we released a Pre-SP1 update for Windows Vista to address some issues we experienced after the initial release of Windows Vista:

    Have fun

    Roger

  • Governments and e-Crime

    I just read an interesting article on BBC News. There seems to be a study by the UK government about e-crime and the fears of the citizens. The report cited a government survey that suggested more Britons feared internet crime than burglary.

    Times have changed. Five years ago – being helpless and not really understanding the problem – everybody blamed anybody. And to be fair, five years ago we fought vandalism. Today the economy of crime has changed and organized crime is making a huge amount of money on the internet by fraud. What I do not get in these kinds of articles: They always leave me with the feeling that everybody is trying to argue that the others have to act upon e-crime: There are calls for new legislation, for more responsibility with the user, for liability calls, for better law enforcement, for …, for …, for …, for……

    I stated it several times: In my opinion, the only way to have a significant impact on e-crime is to work closely together in completely new ways. We have to share information where we never did before between consumers, enterprises, vendors, providers, law enforcement, and policy makers. There have to be new coalitions that trust each other to use the legal framework we have in place and add to it. There are excellent approaches like the Council of Europe where steps are made to harmonize legislation – but we have to act much faster and we have to act together without looking into how to move responsibility over to other parties, as the only winner of this is organized crime.

    If you want to read the article above: Government 'must act on e-crime'

    Roger

  • The Effect of Rebooting after an Update

    This is interesting: Imagine the scenario where a huge number of Windows computers all boot at the same time. What would happen? Well, probably quite a few online services would get into trouble with the load they all of a sudden get, as the rebooted machines would all want to log on at more or less the same time. Fortunately this scenario is not too likely – or am I wrong? What happens after a Security Update release on the second Tuesday of a month? The machines having Automatic Update switched on will at some point install the updates and then, if the user agrees, reboot. Fortunately we have a lot of different time zones across the globe, the computers are sometimes switched off and often the user does not want to reboot now but in a few hours. So, the reboots will be distributed over time, won't they?

    Hmm, you probably already know where I am heading: The recent discussions around the Skype outage. It is very interesting to see how the story spins. If a service like Skype goes down, even for a short period of time and even worse for two days, the rumors start to spread from technical problems to hacking attacks to terrorists to worms to Microsoft to whatever (I have not seen the aliens this time :-)).

    Skype posted a blog, "What happened on August 16th", to explain. What is interesting is the statement "The high number of restarts [because of customers having patched Windows and booted] affected Skype's network resources", which I can technically understand, but in the meantime we know that there was nothing different compared to any other Update Tuesday. Skype admitted that the outage finally was caused by a bug in their software.

    However, ABC published an article with the title "Skype Outage Caused by Microsoft Update" :-) - interesting, isn't it?

    Just to let you know, Microsoft Security Response Center posted as well: Questions about last Tuesday's Release and Skype

    Roger

  • Not About Security but Cool – Search based on Silverlight

    This has definitely nothing to do with security. But anyway, I thought it worthwhile to write a blog post about it. I found this today: an absolutely cool new search engine based on our latest development called Silverlight.

    Simply have a look at it and give it a try. It is definitely worth it: http://www.tafiti.com

    The only "drawback" is that you have to install the beta version of Silverlight.

    Roger