  • Hacking on the plane: who has jurisdiction?

    Wow, that's an interesting question:

    Let's say a Canadian flies from New York to Tokyo on Korean Air and hacks the German tourist's computer seated in front of her while over the Pacific. Whose laws apply? (Canada, US, Japan, Korea, Germany?)

    I mean, we have a hard time answering this question if everybody is grounded, but what about such a scenario?

    This is an attempt to explain: Hacking on the plane: who has jurisdiction?

    Roger

  • Security Implications of Pirated Software

    A while ago, when I was travelling, a journalist told me that he never pays for our software as he can easily download a tool to crack Windows XP (he was still running XP). We had an interesting discussion afterwards (besides the fact that he showed me how he steals our goods) about security. He ran a tool with the highest privileges and was then proud of how Windows worked without a key. I asked him how he could be sure that the tool did not install any backdoor on his machine while cracking it, and he went kind of pale…

    We know of these stories, and we know that pirated copies of Windows that can be downloaded often come with pre-installed malware. As you might have heard, we disrupted another botnet last week, which spread through the supply chain: Microsoft Disrupts the Emerging Nitol Botnet Being Spread through an Unsecure Supply Chain.

    For me, this leads to another fairly interesting question: Most governments today are relying on Common Criteria certification to evaluate products. However, to me a good product is the result of a good engineering and assembling process. So, when it comes to software, make sure that the development process is designed to lead to "secure" results (e.g. ISO 27034). Having a deeper look into your supply chain generally makes sense as well, if I look at the botnet takedown.

    Roger

  • Paper: Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management

    As you know, protecting your information in the cloud is key. We just published a paper called Information Protection and Control (IPC) in Office 365 Preview with Windows Azure AD Rights Management. Here is the summary:

    Due to increased regulation, the Consumerization of IT (CoIT) and the "Bring Your Own Device" (BYOD), the explosion of information with dispersed enterprise data, the Social Enterprise and its applications enabling new collaboration, analytics scenarios, etc., enterprises of all sizes are facing growing needs to protect sensitive information. At the same time, enterprises have a need to securely share that same information amongst appropriate employees and other individuals within and outside the corporate network.

    Windows Azure Active Directory Rights Management (Windows Azure AD Rights Management) service technology provides the capability to create and consume protected content such as e-mail and documents. As of today, such a capability is part of the Microsoft Office 365 Enterprise Preview subscription, natively integrated with Exchange Online Preview, SharePoint Online Preview, and Microsoft Office to apply persistent protection to the content to meet the business requirements of your organization.

    This document is intended to help you preview and evaluate Windows Azure AD Rights Management service technology. For that purpose it contains, as an introduction, brief information on IPC and Windows Azure AD Rights Management that helps you understand what it is, and how it differs from on-premises Active Directory Rights Management Services (AD RMS). It provides step-by-step information on how to configure and use Windows Azure AD Rights Management to perform rights protection on your corporate content, as well as other details and requirements you would need to successfully evaluate Windows Azure AD Rights Management service technology in your environment.

    This document is intended for system architects and IT professionals who are interested in understanding the basics of the Windows Azure AD Rights Management technology.

    Enjoy

    Roger

  • How to secure your Facebook account

    I think that this is actually a fairly good overview of the privacy settings on Facebook and how you should set them:

    How to secure your Facebook account

    Roger