10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewaterhouseCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I would leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Cybersecurity–More than a good headline
A lot of governments all across the globe are working on starting, restarting or pushing their Cybersecurity initiative. What often concerns me is that the last real headline has more impact on the strategy and the themes to be addressed than a structure or a plan or a strategy.
This made us think about what is needed to run a successful Cybersecurity Agenda within a country. What themes ought to be ...
By Roger Halbheer, on December 13th, 2011. The Australian Defense Signals Directorate maintains a list of the Top 35 Mitigation Strategies against targeted intrusions. This is just a reference to the top strategies:
Patch Applications; Patch the Operating System; Minimize the use of local admin; Application whitelisting; …
Looking at these 35 strategies, the DSD claims that
While no single strategy can . . . → Read More: Implementing the Top 4 Defense Strategies
By Roger Halbheer, on October 19th, 2011. A few years ago I posted on DaRT after having seen it: Microsoft Diagnostics and Recovery Toolset. It is a really good and interesting tool for a lot of problems, one of them being incident response. I just stumbled across one article describing this: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response.
. . . → Read More: Using the Microsoft Diagnostics and Recovery Toolset (DaRT) for Incident Response
By Roger Halbheer, on March 28th, 2011. A while ago we released the Microsoft Security Update Guide to explain how we release security updates and how you should/could work with our updates. It encompasses these themes:
Get to know the security update release process; Learn how to evaluate risk; See how to mitigate security risks; Understand how quickly you need to apply . . . → Read More: Microsoft Security Update Guide, Second Edition
By Roger Halbheer, on January 18th, 2011. As attacks are moving up the stack, PDF becomes the number 1 exploited file type. Make sure you patch all your applications . . . → Read More: Attacks on Application Level
By Roger Halbheer, on December 2nd, 2010. You might know about Bluehat, which is an internal security conference we run several times a year. Some of the presentations we record and make publicly available. There is a really good one on the Microsoft Security Response Center. Dustin (the presenter) blogged on it: Behind the Curtain of Second Tuesdays: Challenges in Software . . . → Read More: Behind the Curtain of Second Tuesdays: Challenges in Software Security Response
By Roger Halbheer, on November 2nd, 2010. We all know that Windows XP is rock-solid but no longer capable of defending against today’s attacks, and the same is true for IE6. They were great products when they were launched, but the threat landscape has changed significantly since then.
Windows 7 has a great potential to help customers now move away from Windows XP and . . . → Read More: Move to latest versions – for security reasons
By Roger Halbheer, on September 27th, 2010. What is your view?: Stuxnet: Future of warfare? Or just lax security?
Roger
By Roger Halbheer, on September 17th, 2010. As soon as zero-days appear on the Internet, two things happen: Somebody publishes an exploit and somebody else an unofficial patch. How trustworthy are such updates? How should you handle them? It is all about risk management! . . . → Read More: The Risks of Unofficial Patches
By Roger Halbheer, on July 13th, 2010. I just wanted to remind you: The support for Windows XP SP2 ends today. I hope that this does not catch you by surprise. If you need all the information about which kind of support ends when for which product, please consult our Lifecycle page. If you have a Premier Support contract with us, your . . . → Read More: Support for Windows XP SP2 ends today!