Roger H.


Latest Activity

Links for 2011-02-20 [del.icio.us]

Roger H. posted an article on - Feb 21, 2011, 3:00 am
Infrastructure Planning and Design Guide for Malware Response A new version of this guide went live – I think something, you should look at. There is a metrology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger

Links for 2011-02-18 [del.icio.us]

Roger H. posted an article on - Feb 19, 2011, 3:00 am
Six “New” Attack Vectors Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too w

Links for 2011-02-17 [del.icio.us]

Roger H. posted an article on - Feb 18, 2011, 3:00 am
Fighting a Botnet Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This doc

Links for 2011-02-16 [del.icio.us]

Roger H. posted an article on - Feb 17, 2011, 3:00 am
How to Do an Online Background Check for Free Well, basically this title attracted my attention: How to Do an Online Background Check for Free. I had to try it with myself. So I started, following the sites and suggestions in the article: I clicked on the first link and landed on 9 Sites That...

Links for 2011-02-12 [del.icio.us]

Roger H. posted an article on - Feb 13, 2011, 3:00 am
Scott Charney at RSA this year It is kind of a tradition that Scott Charney, our Corporate Vice President for Trustworthy Computing, is speaking at RSA. If you look back, he always showed the evolution of Trustworthy Computing and spoke about e.g. End to End Trust and other concep

Links for 2011-02-11 [del.icio.us]

Roger H. posted an article on - Feb 12, 2011, 3:00 am
Security Impact of the Nokia/Microsoft Announcement I am definitely looking forward to the collaboration Nokia/Microsoft and it seems to have gotten quite some chatter on the web. Interestingly, F-Secure looked into it as well: They looked at the app-model and the sandboxing technology in Wind...

Links for 2011-02-10 [del.icio.us]

Roger H. posted an article on - Feb 11, 2011, 3:00 am
The Wild West on the Internet… A Crime Story A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger Internet ...

Links for 2011-02-06 [del.icio.us]

Roger H. posted an article on - Feb 7, 2011, 3:00 am
How much it takes to get on the No-Fly List I questioned the value of No-Fly lists since quite a while as I read all these stories about how people get on the list but this is kind of the strangest story I ever heard. A UK Immigration officer put his own wife on the No-Fly list as he wanted her ...

Links for 2011-02-01 [del.icio.us]

Roger H. posted an article on - Feb 2, 2011, 3:00 am
Fighting Crime and Protecting Privacy–a Contradiction? I often read two kinds of articles when it comes to ISPs and protecting privacy. One side asks for as much privacy as possible, the other one for transparency to fight cybercrime. What is our real goal? What is the role of ISPs in fightin...

Links for 2011-01-31 [del.icio.us]

Roger H. posted an article on - Feb 1, 2011, 3:00 am
Blocking Social Media–What is Your View? Blocking social media in companies seems to be fairly common; however I personally do not like it for different reasons. I would like you to open a debate and educate me. Tell me, why it is good or bad. Tell me, which risks you are looking at, when/if...

Links for 2011-01-27 [del.icio.us]

Roger H. posted an article on - Jan 28, 2011, 3:00 am
Phishing still very effective: 35 cards in 5 hours I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in ...

Links for 2011-01-24 [del.icio.us]

Roger H. posted an article on - Jan 25, 2011, 3:00 am
From the Inside: Our CISO on Cloud Security If you ever wondered, what our CISO thinks about security in the Cloud, you should listen to him directly.

Links for 2011-01-21 [del.icio.us]

Roger H. posted an article on - Jan 22, 2011, 3:00 am
How to Build a CERT Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The question then always comes up: How do you do that? EN

Links for 2011-01-20 [del.icio.us]

Roger H. posted an article on - Jan 21, 2011, 3:00 am
Conclusion on UNODC: Open Ended Expert Group on Cybercrime I blogged about my attendance at the above mentioned UNODC meeting. This is a short summary on how I perceived the meeting.

Links for 2011-01-18 [del.icio.us]

Roger H. posted an article on - Jan 19, 2011, 3:00 am
Attacks on Application Level As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications

Links for 2011-01-17 [del.icio.us]

Roger H. posted an article on - Jan 18, 2011, 3:00 am
Step-by-Step Guide: Exposing OWA 2010 with AD FS 2.0 to other organizations An interesting paper on how to leverage ADFS by our French colleagues was just published. Here is the abstract: Through the possible support for both an initial Claim-based Authentication (and the WS-Federation pr...

Links for 2011-01-16 [del.icio.us]

Roger H. posted an article on - Jan 17, 2011, 3:00 am
UNODC: Open Ended Expert Group on Cybercrime From tomorrow on, UNODC invited for an Open Ended Expert Group on Cybercrime in Vienna. I am really interested in seeing how these discussions will go. If – by any chance – you are there as well, please ping me and we will have a chat. Otherwis...

Links for 2011-01-14 [del.icio.us]

Roger H. posted an article on - Jan 15, 2011, 3:00 am
Real Physical Security I saw this this morning – have a great weekend: Roger

Links for 2011-01-12 [del.icio.us]

Roger H. posted an article on - Jan 13, 2011, 3:00 am
Cybercrime as a Service–Our Future? It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way ba

Cybercrime as a Service–Our Future?

Roger H. posted an article on - Jan 12, 2011, 4:01 am
It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way

Links for 2011-01-07 [del.icio.us]

Roger H. posted an article on - Jan 8, 2011, 3:00 am
Dilbert on Cloud Computing The worst thing is, that there is some truth in that: At least, this is what I see often, before I talk to customers Roger

Dilbert on Cloud Computing

Roger H. posted an article on - Jan 7, 2011, 7:26 am
The worst thing is, that there is some truth in that: At least, this is what I see often, before I talk to customers Roger

Links for 2011-01-06 [del.icio.us]

Roger H. posted an article on - Jan 7, 2011, 3:00 am
Exciting News from the Consumer Electronics Show in Vegas After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements: Or directly from the CES webpage. Rog...

Exciting News from the Consumer Electronics Show in Vegas

Roger H. posted an article on - Jan 6, 2011, 7:05 am
After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements Roger

Links for 2011-01-03 [del.icio.us]

Roger H. posted an article on - Jan 4, 2011, 3:00 am
Targeted Attacks: The Biggest Risk in 2011? Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to f

Targeted Attacks: The Biggest Risk in 2011?

Roger H. posted an article on - Jan 3, 2011, 1:01 pm
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to f

Links for 2010-12-25 [del.icio.us]

Roger H. posted an article on - Dec 26, 2010, 3:00 am
And you think you have security problems? Merry Christmas Roger

And you think you have security problems? Merry Christmas

Roger H. posted an article on - Dec 25, 2010, 9:28 am
Roger

Links for 2010-12-22 [del.icio.us]

Roger H. posted an article on - Dec 23, 2010, 3:00 am
My Blackberry Is Not Working! That’s absolutely great and worth spending the few minutes – enjoy: Roger

My Blackberry Is Not Working!

Roger H. posted an article on - Dec 22, 2010, 5:04 pm
That’s absolutely great and worth spending the few minutes – enjoy: Roger

I sold my soul to Google, can I get it back?

Roger H. posted an article on - Dec 13, 2010, 3:45 am
Well, this question was not asked by me but by a guy called Joe Wilcox on Betanews: I sold my soul to Google, can I get it back?. He raises a few points I never really thought of: While the organizations all charge something, not one puts content be

Links for 2010-12-09 [del.icio.us]

Roger H. posted an article on - Dec 10, 2010, 3:00 am
On the effectiveness of DEP and ASLR Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar

On the effectiveness of DEP and ASLR

Roger H. posted an article on - Dec 9, 2010, 9:40 am
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the b

Links for 2010-12-05 [del.icio.us]

Roger H. posted an article on - Dec 6, 2010, 3:00 am
Mitigating the use of Local Admin We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a gu

Mitigating the use of Local Admin

Roger H. posted an article on - Dec 5, 2010, 4:17 pm
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a gu

Links for 2010-12-02 [del.icio.us]

Roger H. posted an article on - Dec 3, 2010, 3:00 am
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make them publicly available. There is a really good one on the Microso...

Behind the Curtain of Second Tuesdays: Challenges in Software Security Response

Roger H. posted an article on - Dec 2, 2010, 7:53 am
You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make them publicly available. There is a really good one on the Microsoft Security Response Center. Dustin

Links for 2010-11-30 [del.icio.us]

Roger H. posted an article on - Dec 1, 2010, 3:00 am
Publishing Secret or Sensitive Information With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A...

Security Development Lifecycle: Quick References

Roger H. posted an article on - Nov 30, 2010, 3:10 pm
A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the

Publishing Secret or Sensitive Information

Roger H. posted an article on - Nov 30, 2010, 10:34 am
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States.

The Cloud is Also Green

Roger H. posted an article on - Nov 22, 2010, 2:34 am
Yes, not only gray Seriously, we commissioned a study to see what the impact of cloud computing is not only to efficiency but to the environment. Can you save CO2 by moving to the cloud? I think something, we do not look at often enough.

Information Security Management System for Microsoft Cloud Infrastructure

Roger H. posted an article on - Nov 19, 2010, 8:26 am
Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the

New Baselines for the Security Compliance Manager

Roger H. posted an article on - Nov 16, 2010, 10:19 am
There were just new resources released for the Security Compliance Manager: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, and setting packs for Windows 7 and Internet Explorer 8. These packs help you to manage

Links for 2010-11-15 [del.icio.us]

Roger H. posted an article on - Nov 16, 2010, 3:00 am
Basic Malware Protection for Free? It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well…

Basic Malware Protection for Free?

Roger H. posted an article on - Nov 15, 2010, 4:37 am
It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well

Links for 2010-11-14 [del.icio.us]

Roger H. posted an article on - Nov 15, 2010, 3:00 am
Fixing Risk Management Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we did

Fixing Risk Management

Roger H. posted an article on - Nov 15, 2010, 2:15 am
Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we d

Links for 2010-11-12 [del.icio.us]

Roger H. posted an article on - Nov 13, 2010, 3:00 am
The Value of Government Clouds We recently released a paper called The Economics of Cloud Computing for the EU Public Sector, which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as we...

The Value of Government Clouds

Roger H. posted an article on - Nov 12, 2010, 6:59 am
We recently released a paper called The Economics of Cloud Computing for the EU Public Sector, which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well. Now, Gartner commented on it as w...

Links for 2010-11-11 [del.icio.us]

Roger H. posted an article on - Nov 12, 2010, 3:00 am
Hotmail now with full-session SSL If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS e
