The Enhanced Mitigation Experience Toolkit is definitely not new but I recently realized that not too many people know about it – and they should. EMET helps you to raise your shields against zero-days and any exploit in the wild. I do not say that it is a silver bullet but it is definitely going . . . → Read More: EMET–Protection Against Zero-Days
|
||||||
10 Years of Trustworthy Computing at MicrosoftBefore joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ... 
10 Reasons to migrate off Windows XPI would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ... 
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and SecurityA long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ... 
Cybersecurity–More than a good headlineA lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is, that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy. This made us thinking about what is needed to run a successful Cybersecurity Agenda within a country? What themes ought to be ... 
A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good an interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response. . . . → Read More: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response A very good overview over the way we run Microsoft’s Cloud. The interesting thing is – if you look at the video – that most customers are still running their datacenters on generation 1-2, which means that the efficiency (labor as well as energy) we can deliver is significantly higher – not talking of our . . . → Read More: Video on Microsoft’s Datacenter You heard about the launch of Office365 recently and I hope you read the blog post on the application of the Cloud Computing Security Considerations to the private. cloud. If not, here it is: Security Considerations in a Private Cloud To complete the series now, we released an additional paper on how these considerations can . . . → Read More: Cloud Security in Office365 One of the things which surprises me often, when talking to customers is, that they do not know, when certain (key) products run out of support – and therefore no security updates will be shipped. You should include the following dates in your plans: Windows XP Home: Mainstream support ended 4/14/2009 Windows XP Professional: Extended . . . → Read More: Windows Lifecycle and Support Quite a while ago, I blogged about the File Classification Infrastructure in Windows Server 2008 R2: File Classification Infrastructure in Windows Server 2008 R2 File Classification Infrastructure:More content In my opinion, this is an interesting tool, built in to your server platform. Now, we just published a paper about how we use this File Classification . . . → Read More: How Microsoft Uses File Classification Infrastructure Actually, there is not much to say about this. It is a blog post by CanegieMellon called A Security Comparison: Microsoft Office vs. Oracle Openoffice and just does what it says. However, I do not particularly like the security comparison of products built solely on vulnerabilities as this shows only one side of the equation . . . → Read More: A Security Comparison: Microsoft Office vs. Oracle Openoffice On March 24th, we got the certificate for the Common Criteria certification for Windows 7 and Windows Server 2008 on EAL 4+. Here are the certified products: http://www.commoncriteriaportal.org/products/ and here you find the certificate. A great job by the team – congratulations! Roger Forbes posted: The World’s Most Ethical Companies. I quote: The Ethisphere Institute, a New York City think tank, has just announced its fifth annual list of the World’s Most Ethical Companies. The selection, open to every company in every industry around the globe, gives its winners an opportunity to trumpet their do-gooding ways. It is . . . → Read More: Ethisphere Institute: Microsoft amongst the world’s most ethical companies Microsoft Malware Protection Center published a document on Battling the Zbot Threat, a special edition of the Security Intelligence Report. It is a very good document, worth looking at. This is the intro (to make you curious for more): This document provides an overview of the Win32/Zbot family of password-stealing trojans. The document examines the . . . → Read More: Fighting a Botnet |
|
|||||
|
Copyright © 2012 Roger Halbheer on Security - All Rights Reserved |
||||||
