• How to Hack Windows Vista

    No, no. For sure. I am not going to give you advice on how to hack – but look at this video: http://www.offensive-security.com/movies/vistahack/vistahack.html. I am always amazed by these kinds of videos, which still surprise people. If you look years back, we published the 10 Immutable Laws of Security, which contains Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore. The hack shown above needs physical access….

    But if you want to protect Windows Vista from these kinds of physical attacks, why do you not just switch on BitLocker (and here on TechNet)? If you switch it on, these problems are gone and this attack would fail – and it is part of the OS, no additional fees, nothing…

    Roger

  • The Best Security Blogs on the Web

    Well, this is not what I am claiming to have…. This is what I am looking for. At the moment, I am monitoring/reading the following security-related blogs (sorted alphabetically):

    Microsoft

    Vendors

    News Feeds

    Other Security    

    Blogs on Microsoft

    So, what I am looking for now is: what am I missing here? Which blogs do you recommend? I am also looking for blogs that cover more organizational themes, architectural discussions, security trends, or that focus on Europe, Middle East and Africa or part of it.

    I do not have a problem if you do some "self-advertising" :-) Once I have the list together, I will add the links based on your feedback.

    Roger

  • Security Risks of Virtualization

    One fact strikes me pretty often: Companies have the problem that they have legacy software running on legacy operating systems (e.g. NT4) running on legacy hardware. This is a severe problem, as you all know. Now, these companies look into virtualization to solve this problem. Of the three "legacy" items above, only the hardware problem can be addressed by the use of virtualization – definitely not the OS and the application piece (obvious). Now, there are still a lot of people thinking that if they embed the legacy machine in a state-of-the-art virtual environment, the machine itself might be more secure. This can be true – if you do not connect it to the network. Otherwise, the OS and the application are as vulnerable as before.

    This is all clear and, in the meantime, known to a lot of people. Virtualization gives us a lot. I think it is a great technology to address quite a few challenges (especially the challenge of having servers that are mainly idling in the computer room) – but it does not address the challenge above. On the contrary, it adds additional risks.

    I just read a very good article on that in InformationWeek: Virtualization Has A Security Blind Spot. In there, they mention five laws published by Burton Group:

    1. All existing OS-level attacks work in the exact same way.
    2. The hypervisor attack surface is additive to a system's risk profile.
    3. Separating functionality and/or content into virtual machines (VM) will reduce risk.
    4. Aggregating functions and resources onto a physical platform will increase risk.
    5. A system containing a "trusted" VM on an "untrusted" host has a higher risk level than a system containing a "trusted" host with an "untrusted" VM.

    So, manage the risks and have fun with virtualization!

    Roger

  • Testing our Security Technology

    Quite a while ago, I blogged on Virtual Labs, an offering we are making to you to get your hands dirty with our products and give you the opportunity to work with different hands-on labs.

    There is the VirtualLabs offering, containing MSDN and TechNet labs.

    The idea behind them is simple: no complex setup or installation is required to try out Forefront Security running in the full-featured TechNet Virtual Lab. You get a downloadable manual and a 90-minute block of time for each module. You can sign up for additional 90-minute blocks any time.

    So, we give you a manual and access to VMs via Terminal Server and you can use them for 90 minutes – cool, isn't it?

    Just as an example, these are the Forefront Labs:

    Forefront Client Security

    Forefront Server Security

    Forefront Edge Security

    Secure Messaging and Collaboration

    Cool, isn't it? Give it a try.

    Roger

  • More than a third of software is stolen

    BSA just released a new piracy study today and there are some remarkable facts in there:

    • The worldwide weighted average piracy rate is 38%
    • The median piracy rate in 2007 is 61%

    Think about the second point for a second: This means that in half of the countries they studied, the piracy rate is 61% or higher. 61% of the software is stolen and people are using stolen software and are making money out of it. For you, this would mean the following: It is Wednesday today. So from now on until the end of the week you deliver your work but do not get paid for it! People will simply steal the rest of your week – amazing, isn't it?

    It gets even worse: The piracy rate ranges from around 20% (so, this is the lowest figure on the globe) in countries like the US, Luxembourg, New Zealand, Japan,… to more than 90% in Sri Lanka, Zimbabwe, Moldova, Azerbaijan, Bangladesh, Armenia.

    What does this mean from a security perspective? I would love to see a study on how these users patch their machines. We mostly have infection rates for machines that use the Malicious Software Removal Tool and Windows Update, so there is no real handle on this question. However, my guess is that the ones who know that they have a pirated copy will probably not patch – the others will (there are a lot of people buying a PC in good faith but the vendor "sells" them a pirated copy). My guess is that these PCs are a "good home" for bots and all kinds of malware and attacks but, as I said, this is just a concern and a guess – not real knowledge.

    If you want to have a look at the study, there you go: Fifth Annual BSA and IDC Global Software Piracy Study

    Roger