10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ...
Security Risks of VoIP By Roger Halbheer, on May 20th, 2008 Internet Telephony Has Security Problems: This was an interesting read this morning for different reasons:
- First of all, it is not surprising (even if we would not have known the problems it would have to be expected).
- I liked the statement: The goal is to raise awareness about flaws in these systems – and create a market for VoIPshield’s product… – This is the scary part: It is not about the security of the environment or the ecosystem but about sales.
- But then: Dalmazzi says he tried unsuccessfully to get the attention of the VoIP makers, including shoving a business card with a note describing the vulnerabilities he’d discovered into one executive’s hand at a conference. One company told us that it wants to learn more about the vulnerabilities but has had difficulty working with VoIPshield. In other words, it isn’t a clean process. It seems that there are still too many companies not being able to handle this kind of information (if it is really true). I guess today, if a Microsoft person is made aware of a vulnerability (and for sure an Exec), even if they do not know the process exactly, they would definitely know whom to ask and from there on it is a defined process.
- When I worked in Switzerland we created a CSO Roundtable called Swiss Security Exchange, where we discussed current challenges with CSO. Two years ago, the core theme there was – you guess it – VoIP! If you interested in the results of the discussion, here you find the summary.
Roger
Related posts:
- Security Risks of Virtualization
Leave a Reply
|
|
|
