Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Vulnerability Disclosure to Compete? By Roger Halbheer, on June 11th, 2010 As you know (I stress that fairly often  ), I am Swiss. The reason why I am stressing this today is that I want to give you an example on security from the Swiss market: The banks here on place compete with each other – obviously. However, I have never seen the banks competing on security. They never use for example new authentication schemes in eBanking to compete. There is nothing like “our eBank is more secure than our competitor’s” or “have you seen, our competitor was just successfully phished”. The reason for that is fairly simple: The whole banking system will lose as trust will erode in the ecosystem as such if they start to blame each other and this is not to the advantage of all the banks.
Why do I tell you this? Well, as you know, we at Microsoft are promoting responsible disclosure of vulnerabilities since years. We do not buy vulnerabilities and if we find vulnerabilities in third party products, we let the vendor know and help them to fix the issue. This is to protect the ecosystem, to protect our customers as public, irresponsible disclosure puts all our joint customers at risk.
By the way, on a side-note I want to make sure you have seen the advisory we release yesterday on a Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution as it might be important for you to understand the workarounds. The history of this vulnerability can be found here: Windows Help Vulnerability Disclosure. I just want to quote the blog post: This issue was reported to us on June 5th, 2010 by a Google security researcher and then made public less than four days later, on June 9th, 2010. Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk
…
Roger
Related posts:
- Microsoft Security Intelligence Report – What it means for EMEA
- Update on the Khobe “vulnerability”
- H1 OS Desktop Vulnerability Report – Get It Now
- Selling Vulnerabilities and Ethics
- IE Vulnerability: Going Out of Band
Leave a Reply
|
|
|
[...] blogged about the vulnerability which was publically disclosed by a researcher working for Google earlier this month. In the meantime the attacks started to increase. I think that it would be important for you to [...]
obviously like your web site but you need to check the spelling on several of your posts. A number of them are rife with spelling problems and I in finding it very bothersome to tell the truth nevertheless I’ll certainly come back again.