• EMET–Protection Against Zero-Days

    The Enhanced Mitigation Experience Toolkit (EMET) is definitely not new, but I recently realized that not too many people know about it – and they should. EMET helps you raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet, but it is definitely going in this direction – a little bit.

    You can find all the necessary information on EMET here:

    Before you start, please make sure that you have the BitLocker recovery key ready (you are running BitLocker, aren't you?), or suspend BitLocker for the duration of the configuration: EMET might change your Data Execution Prevention settings, which changes your bootloader settings, which invalidates the BitLocker integrity check, which you then have to prove with the recovery key.
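    As an added example (not code from the original post or from the EMET team), here is the pre-flight routine I would run from an elevated PowerShell on a Windows 7 machine before touching EMET's system-wide DEP setting. It assumes the operating-system volume is C: and uses only the built-in manage-bde, bcdedit and WMI interfaces; the ordering matters, because the protectors are re-enabled only after the reboot so that BitLocker seals against the new boot configuration rather than the old one.

```powershell
# Added example: check DEP policy and BitLocker state, suspend BitLocker,
# then resume it after the EMET change has been applied and the machine rebooted.
# Assumption: the OS volume is C: and this runs in an elevated PowerShell.
$osVolume = "C:"

# 1. Show the current system-wide DEP policy. EMET's system setting is written to
#    the boot configuration ('nx' entry), which is part of what BitLocker measures.
#    0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (client default), 3 = OptOut
$os = Get-WmiObject -Class Win32_OperatingSystem
$depNames = @{ 0 = "AlwaysOff"; 1 = "AlwaysOn"; 2 = "OptIn"; 3 = "OptOut" }
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
Write-Host ("Current DEP policy: {0} ({1})" -f $policy, $depNames[$policy])
bcdedit /enum '{current}' | Select-String -Pattern '^nx'

# 2. Show BitLocker status for the OS volume. "Protection On" means a change to the
#    boot configuration will trigger recovery at the next boot.
manage-bde -status $osVolume

# 3. Suspend BitLocker: the volume stays encrypted, only the key protectors are
#    disabled, so the next boot does not ask for the recovery key.
manage-bde -protectors -disable $osVolume

# --- apply the DEP change in EMET here, then reboot the machine ---

# 4. After the reboot, re-enable the protectors. Doing this after the reboot lets
#    BitLocker seal the key against the new boot configuration.
manage-bde -protectors -enable $osVolume

# 5. Confirm protection is back on before considering the change done.
manage-bde -status $osVolume
```

    If step 3 is skipped and the DEP policy changes, the very next boot will stop at the BitLocker recovery screen, which is exactly the situation the recovery key is for.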

    I always love to strengthen my policies and see when something breaks and how. I started to use it, and it actually provides a fairly straightforward interface showing what is running and in which state:

    image

    You can then configure your applications and define on which level you want them to be protected. It might then happen that this pops up:

    image

    I won't tell you which application it was, but I was a little bit scared…

    Anyway, if you did not use it yet, I think you should!

    Roger

  • Cybersecurity–More than a good headline

    A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiatives. What often concerns me is that the last real headline has more impact on the strategy and the themes to be addressed than a structure, a plan or a strategy.

    This made us think about what is needed to run a successful Cybersecurity Agenda within a country: what themes ought to be addressed, and in which form?

    We came up with a fairly simple model:

    image 

    To explain the model, we just published two papers about it:

    In parallel we are working on a book about this, giving much more examples and background – so stay tuned.

    The only thing I really know: when I do a presentation explaining Cybersecurity and at the end show the slide above, governments love it. Typically they approach me asking for the deck – if they are not politically correct, they tell me that they just want to get this slide.

    Comments are very welcome. If you need or want further information, get in touch with me. Happy to help!

    Roger

  • Microsoft Security Compliance Manager 2 ready for download

    If you are a regular reader of my blog, you should know the Security Compliance Manager (if you are not, you should become a regular reader of my blog).

    Version 2 of the Microsoft Security Compliance Manager (SCM 2) is now available for download. If you do not know it, this is the way our Solution Accelerator team promotes it:

    Security Compliance Manager 2 is a free tool from the Microsoft Solution Accelerators team that enables you to quickly configure and manage your computers, traditional datacenter, and private cloud using Group Policy and Microsoft® System Center Configuration Manager.

    SCM 2 provides ready-to-deploy policies and DCM configuration packs that are tested and fully supported. Our product baselines are based on Microsoft Security Guide recommendations and industry best practices, allowing you to manage configuration drift, address compliance requirements, and reduce security threats.

    Easily configure Windows® operating systems, Microsoft® Office applications, and Internet Explorer with industry leading knowledge and fully supported tools.

    Take advantage of SCM 2 to import the configuration of a “golden master” reference machine or existing Group Policy. Compare your standards to industry best practices, customize them using rich knowledge, and seamlessly create new policies and DCM configuration packs in the user-friendly UI designed to work with System Center Configuration Manager 2007 R2.

    Key Features Include:

    Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project!

    Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature!

    Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important!

    Compare against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems!

    This is how it looks:

    image

    and

    image

    It is really worth looking at.

    For you, this is what you should do:

    Want more information on a specific feature? Interested in speaking with the development team? Please contact Venkat Ganti.

    Roger

  • Hackers using QR Codes to Push Malware

    Always something new… As these kinds of codes are mainly (or only) used on mobile phones, the malware actually addresses smartphones “only” – in this case Android: Hackers using QR codes to push Android malware. If you scan a code such as this (source: the ZDNet article referenced):

    You will be redirected to a website hosting the malware.

    How often do you use these codes? I have been using the gettag below for quite a while and get quite some click-through, but personally I do not use them too often.


    Anyway: another attack vector to trick users into doing something they do not want to do.

    Roger

  • Why Patents are not here to be violated: Google’s challenges with Android

    Interesting: Microsoft takes the Android profit, the Wonkas take the pain

    I quote:

    Yet Android costs Google billions, without drawing revenue. Microsoft is making half a billion a year from Android. The settlement with Oracle, when it eventually comes, will add even more costs to working with Android – for anyone who dabbled with it.

    Google executives must be wondering – in the words of David Byrne – “how did I get here?”

    The company is going to have to spend very big to settle a clutch of outstanding IP issues, and almost certainly have to restructure Android governance to restore confidence in its stewardship of the systems. But even after all the smoke has cleared, things at Mountain View will have irrevocably changed. No amount of public relations or lobbying, or invite-only conferences, are going to return Google to the golden status it enjoyed only a few years ago.

    Imagine you're a public policy person, or a business strategist. Why would you think Google can give you a glimpse of the future, when it can't even understand the present?

    Roger