Roger H. posted an article on Roger's Blog on Security - Feb 21, 2011, 3:00 am
Infrastructure Planning and Design Guide for Malware Response A new version of this guide went live – I think something, you should look at. There is a metrology and a process in detail: So, if you want to learn more: http://technet.microsoft.com/en-us/library/cc162838.aspx Roger
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 19, 2011, 3:00 am
Six “New” Attack Vectors Reading this article Six New Hacks That Will Make Your CSO Cringe made me think as it has a few fairly interesting approaches: Fake Phone Networks: I am wondering how much work it takes to do it. If the effort is not too high, I am not (yet) too w
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 18, 2011, 3:00 am
Fighting a Botnet Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This doc
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 17, 2011, 3:00 am
How to Do an Online Background Check for Free Well, basically this title attracted my attention: How to Do an Online Background Check for Free. I had to try it with myself. So I started, following the sites and suggestions in the article: I clicked on the first link and landed on 9 Sites That&...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 13, 2011, 3:00 am
Scott Charney at RSA this year It is kind of a tradition that Scott Charney, our Corporate Vice President for Trustworthy Computing, is speaking at RSA. If you look back, he always showed the evolution of Trustworthy Computing and spoke about e.g. End to End Trust and other concep
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 12, 2011, 3:00 am
Security Impact of the Nokia/Microsoft Announcement I am definitely looking forward to the collaboration Nokia/Microsoft and it seems to have gotten quite some chatter on the web. Interestingly, F-Secure looked into it as well: They looked at the app-model and the sandboxing technology in Wind...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 11, 2011, 3:00 am
The Wild West on the Internet… A Crime Story A fairly interesting thriller on the Internet. It just shows that we need better ways to collaborate between private and public sector and to hunt criminals: How one man tracked down Anonymous—and paid a heavy price Scary… Roger Internet ...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 7, 2011, 3:00 am
How much it takes to get on the No-Fly List I questioned the value of No-Fly lists since quite a while as I read all these story about how people get on the list but this is kind of the strangest story I ever heard. A UK Immigration officer put his own wife on the No-Fly list as he wanted her ...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 2, 2011, 3:00 am
Fighting Crime and Protecting Privacy–a Contradiction? I often read two kinds of articles when it comes to ISPs and protecting privacy. In side asks for as much privacy as possible, the other one for transparency to fight cybercrime. What is our real goal? What is the role of ISPs in fightin...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Feb 1, 2011, 3:00 am
Blocking Social Media–What is Your View? Blocking social media in companies seems to be fairly common; however I personally do not like it for different reasons. I would like you to open a debate and educate me. Tell me, why it is good or bad. Tell me, which risks you are looking at, when/if...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 28, 2011, 3:00 am
Phishing still very effective: 35 cards in 5 hours I just read this blog post by ESET laboratories: Inside a phishing attack: 35 credit cards in 5 hours. They analyzed a very poorly designed phishing attack and found that: The first access to the site was on January 20 at 10:01 pm (as seen in ...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 25, 2011, 3:00 am
From the Inside: Our CISO on Cloud Security If you evern wondered, what our CISO thinks about security in the Cloud, you should listen to him directly.
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 22, 2011, 3:00 am
How to Build a CERT Often, when governments look into Critical Infrastructure Protection, they start to build a CERT (Computer Emergency Response Team) or a CSIRT (Computer Security and Incident Response Team). The questions then always comes up: How do you do that? EN
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 21, 2011, 3:00 am
Conclusion on UNODC: Open Ended Expert Group on Cybercrime I blogged about my attendence at the above mentioned UNODC meeting. This is a short summary on how I preceived the meeting.
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 19, 2011, 3:00 am
Attacks on Application Level As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 18, 2011, 3:00 am
Step-by-Step Guide: Exposing OWA 2010 with AD FS 2.0 to other organizations An interesting paper on how to leverage ADFS by our French colleagues was just published. Here is the abstract: Through the possible support for both an initial Claim-based Authentication (and the WS-Federation pr...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 17, 2011, 3:00 am
UNODC: Open Ended Expert Group on Cybercrime From tomorrow on, UNDOC invited for an Open Ended Expert Group on Cybercrime in Vienna. I am really interested in seeing hoe these discussions will go. If – by any chance – you are there as well, please ping me and we will have a chat. Otherwis...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 15, 2011, 3:00 am
Real Physical Security I saw this this morning – have a great weekend: Roger
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 13, 2011, 3:00 am
Cybercrime as a Service–Our Future? It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way ba
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 12, 2011, 4:01 am
It is not really surprising that the criminals will leverage the economy of Cloud Computing for their illegal purposes. Especially activities, which consume a lot of processor power will be moved to the Cloud – like any other business. Some way Related posts:Council of Europe – Octopus Conferen...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 8, 2011, 3:00 am
Dilbert on Cloud Computing The worst thing is, that there is some truth in that: At least, this is what I see often, before I talk to customers Roger
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 7, 2011, 7:26 am
The worst thing is, that there is some truth in that: At least, this is what I see often, before I talk to customers Roger Related posts:Cloud Computing: Benefits and Risks of Moving Federal IT into the Cloud Insider Threat of Cloud Computing Dilbert on Piracy Related posts:Cloud...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 7, 2011, 3:00 am
Exciting News from the Consumer Electronics Show in Vegas After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements: Or directly from the CES webpage. Rog...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 6, 2011, 7:05 am
After the launch of different products for the consumer, businesses and in the Cloud, Steve Ballmer opened CES today in Las Vegas. You should look at it. There are a few very cool announcements Roger . . . → Read More: Exciting News from the Consumer Electronics Show in Vegas Rel...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 4, 2011, 3:00 am
Targeted Attacks: The Biggest Risk in 2011? Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to f
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Jan 3, 2011, 1:01 pm
Since quite a while, I am saying that targeted attacks are the risks, which really keep me up at night. BBC just posted a similar article: Cyber-sabotage and espionage top 2011 security fears I think that this is a real issue and very hard to f Related posts:Targeted Attacks -the “Real” Problem...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 26, 2010, 3:00 am
And you think you have security problems? Merry Christmas Roger
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 25, 2010, 9:28 am
Roger No related posts. No related posts.
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 23, 2010, 3:00 am
My Blackberry Is Not Working! That’s absolutely great and worth spending the few minutes – enjoy: Roger
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 22, 2010, 5:04 pm
That’s absolutely great and worth spending the few minutes – enjoy: Roger No related posts. No related posts.
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 13, 2010, 3:45 am
Well, this question was not asked by me but by a guy called Joe Wilcox on Betanews: I sold my soul to Google, can I get it back?. He raises a few points I never really thought of: While the organizations all charge something, not one puts content be Related posts:Why Google Won’t Beat . . . → ...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 10, 2010, 3:00 am
On the effectiveness of DEP and ASLR Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 9, 2010, 9:40 am
Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the b Related posts:Summary of Bitlocker Discussions Asse...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 6, 2010, 3:00 am
Mitigating the use of Local Admin We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a gu
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 5, 2010, 4:17 pm
We recently had internal discussions on the use of local admin and how to mitigate it. During this, Richard Diver, a Premier Field Engineer in APAC, wrote a great article how to do it. I wanted to make sure, you can see this as well. So, this is a gu Related posts:Running as Non-Admin . . . → Re...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 3, 2010, 3:00 am
Behind the Curtain of Second Tuesdays: Challenges in Software Security Response You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microso...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 2, 2010, 7:53 am
You might know about Bluehat, which is an internal security conference we run several times an year. Some of the presentations we record and make them publically available. There is a really good one on the Microsoft Security Response Center. Dustin Related posts:Legal Challenges of International B...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Dec 1, 2010, 3:00 am
Publishing Secret or Sensitive Information With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. A&#...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 30, 2010, 3:10 pm
A quick one: An interesting download location: With the SDL Quick Security References (QSR), the Security Development Lifecycle (SDL) team introduces a series of basic guidance papers designed to address common vulnerabilities from the Related posts:The Impact of the Security Development Lifecycl...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 30, 2010, 10:34 am
With a lot of interest I followed the media on the latest Wikileaks’ publication of sensitive documents from the US Government. At least here in Europe, there is a huge debate whether this publication is really problematic for the United States. Related posts:Council of Europe – Octopus Confere...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 22, 2010, 2:34 am
Yes, not only gray Seriously, we commissioned a study to see what the impact of cloud computing is not only to efficiency but the the environment. Can you save CO2 by moving to the cloud? I think something, we do not look at often enough. Related posts:Can cloud security ever work? Data Governan...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 19, 2010, 8:26 am
Just a quick one. Our Global Foundation Services organization (the ones who run our datacenters) just published a new whitepaper: Information Security Management System for Microsoft Cloud Infrastructure This paper describes the Related posts:Securing Microsoft’s Cloud Infrastructure Why Google...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 16, 2010, 10:19 am
There were just new resources released for the Security Compliance Manager: the Windows Server 2008 R2 Security Baseline and the Office 2010 Security Baseline, and setting packs for Windows 7 and Internet Explorer 8. This packs help you to manage Related posts:Microsoft Security Compliance Manager:...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 16, 2010, 3:00 am
Basic Malware Protection for Free? It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well…
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 15, 2010, 4:37 am
It is kind of strange, whenever I talk to governments and customers, everybody seems to agree that basic malware protection should be for free or even integrated into the OS. I am talking about malware, which is “installed” by the user as well Related posts:One year free anti-malware and what w...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 15, 2010, 3:00 am
Fixing Risk Management Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we did
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 15, 2010, 2:15 am
Since quite a while I am not satisfied with the way we (in the industry) are doing risk management. In my early days, before I was actually entering the security space, I was doing project management and as part of it risk management. The way we d Related posts:Security Compliance Management – So...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 13, 2010, 3:00 am
The Value of Government Clouds We recently released a paper called The Economics of Cloud Computing for the EU Public Sector, which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as we...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 12, 2010, 6:59 am
We recently released a paper called The Economics of Cloud Computing for the EU Public Sector, which is actually valid for every other European country as well as it is not too narrowly focused on the EU only. Additionally there is a US-version of the paper as well. Now, Gartner commented on it as w...
Comment - Like

Roger H. posted an article on Roger's Blog on Security - Nov 12, 2010, 3:00 am
Hotmail now with full-session SSL If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS e
Comment - Like