Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - let's share interesting security information
Improvement in Incident Response: ICASI launched
At FIRST in Vancouver the formation of the Industry Consortium for Advancement of Security on the...
Author: rhalbheer Date: 06/27/2008
Hyper-V is {Here}
We just released Windows Server 2008 Hyper-V to manufacturing. You can find more information on our...
Author: rhalbheer Date: 06/26/2008
Deploying Forefront Client Security at Microsoft
A question I often get is "How does Microsoft solve the problem x in their IT?" (e.g. How does...
Author: rhalbheer Date: 06/26/2008
New Information on SQL Injection Attacks
I just wanted to make sure that you have seen the Advisory (Rise in SQL Injection Attacks Exploiting...
Author: rhalbheer Date: 06/24/2008
Links to Microsoft Security Pages
Our Chief Security Advisor in Italy spent quite some time to collect a list of web-pages and blogs...
Author: rhalbheer Date: 06/24/2008
Bitlocker™ completes FIPS 140-2 Certification
I am very proud for the product team to tell you that Windows Vista Bitlocker™ completes FIPS 140-2...
Author: rhalbheer Date: 06/19/2008
Issue deploying updates with SCCM 2007
There seem to be some problems deploying the latest security updates with System Center...
Author: rhalbheer Date: 06/16/2008
Server Core in our Security Bulletins
A question that was often raised after the launch of Windows Server 2008 was about Server Core and...
Author: rhalbheer Date: 06/11/2008
Are we talking about the right things?
I am in Qatar at the moment at the Doha Information Security Conference. They actually have a very...
Author: rhalbheer Date: 06/10/2008
Security Compliance Management – Solution Accelerator Available
I wrote about it as we released the Beta. Now, the Solution Accelerator for Security Compliance...
Author: rhalbheer Date: 06/07/2008
The Emancipation of Hackers
In the world of Chinese Hackers there seems to be a group especially for female hackers. I just read...
Author: rhalbheer Date: 06/04/2008
On-Premise vs. On-Demand (or SaaS) – A Quocirca Report
I was made aware of a pretty good report on Software as a Service Quocirca did in collaboration with...
Author: rhalbheer Date: 06/04/2008
Windows Server 2008 PKI and Certificate Security
Fresh out of press (ok, it is out since beginning of April but I just saw it now): Brian Komar, the...
Author: rhalbheer Date: 06/03/2008
Service Oriented Architecture and the Security Implications
I was just posting on SOA and the Security Implications of it from a CIO/CSO perspective on my other...
Author: rhalbheer Date: 06/03/2008
The “successful” attack on Cardspace
I guess you read it as it was pretty wide-spread in the press in the last few days: On the...
Author: rhalbheer Date: 06/02/2008
New Guidance on the SQL Injection Attacks
We just published yesterday two new pieces of guidance for the latest SQL Injection attacks, which I...
Author: rhalbheer Date: 05/31/2008
Microsoft Advisory for Safari Flaw
I posted yesterday on the Safari flaw (Why Apple has to fix the Safari flaw) as Apple did not...
Author: rhalbheer Date: 05/31/2008
The latest SQL Injection Attacks
Well, there was quite some chatter over the last few weeks with regards to the massive defacements...
Author: rhalbheer Date: 05/30/2008
Why Apple has to fix the Safari flaw
Remember me talking about Is Security Research Ethical? I made a statement in there when it comes to...
Author: rhalbheer Date: 05/30/2008
How to sell security
I just read this essay by Bruce Schneier: How to Sell Security. This is definitely a must-read in my...
Author: rhalbheer Date: 05/27/2008
How to Hack Windows Vista
No, no. For sure. I am not going to give you advice on how to hack – but look at this video:...
Author: rhalbheer Date: 05/27/2008
Two Important Whitepapers on Windows Server 2008
If you are planning to implement Windows Server 2008, there are two papers recently published that...
Author: rhalbheer Date: 05/26/2008
Researcher at Microsoft Research wins ACM award for Privacy Protection
I just read this article on Cryptography Expert Wins ACM Award for Advances in Protecting Privacy of...
Author: rhalbheer Date: 05/26/2008
Adding additional File Formats in Office 2007 SP2
We just announced that we will add support for additional file formats in Office System 2007 SP2....
Author: rhalbheer Date: 05/22/2008
Is Security Research Ethical?
Shoaib's blog actually pointed me to a pretty interesting article called Face-Off: Is vulnerability...
Author: rhalbheer Date: 05/22/2008
Analysis of the Estonian Attacks
I just read a paper on the political analysis of the Estonian Attack. If you are interested reading...
Author: rhalbheer Date: 05/21/2008
You know about PDOS?
Well, I know DOS, I know DDOS, but I never knew PDOS until today: there seems to be a new way to...
Author: rhalbheer Date: 05/21/2008
Security Risks of Virtualization
One fact strikes me pretty often: Companies have the problem that they have legacy software running...
Author: rhalbheer Date: 05/20/2008
Learnings on Publishing SharePoint on ISA Server
Here Blogging on MOSS 2007 (SharePoint) I talked about the way I use SharePoint and a Codeplex...
Author: rhalbheer Date: 05/20/2008
Storm coming back?
I just read first reports that Storm is coming back as we speak. This is frightening but shows the...
Author: rhalbheer Date: 05/20/2008
Selling Vulnerabilities and Ethics
Shoaib just blogged on Hacking & Security Community - Ethical or Unethical?. To start with: I do...
Author: rhalbheer Date: 05/18/2008
The Best Security Blogs on the Web
Well, this is not what I am claiming to have…. This is what I am looking for. At the moment, I am...
Author: rhalbheer Date: 05/17/2008
Bug Hidden for more than 25 Years
Wow, this was impressive: A Swiss Developer posted on Saturday a blog that he found a bug which...
Author: rhalbheer Date: 05/14/2008
Opening a File (Dilbert)
Ever tried to open a file? Roger
Author: rhalbheer Date: 05/12/2008
What a Botnet looks like
If you would like to know a little bit more on botnets and what they actually look like, there is a...
Author: rhalbheer Date: 05/09/2008
The Debate on Security Metrics
Recently I was sitting on a panel which was pretty heterogeneous: There was a representative from...
Author: rhalbheer Date: 05/09/2008
Microsoft is winning the NAC war
I just read an interesting chat with Joel Snyder from Opus One who did Interop testing on the...
Author: rhalbheer Date: 05/08/2008
How Microsoft IT does Threat Analysis
I wrote on that already earlier. We make processes and tools available how we internally do Threat...
Author: rhalbheer Date: 05/05/2008
8 Dirty Secrets Of The Security Industry
I just read this article called 8 Dirty Secrets Of The Security Industry, which seems pretty nasty....
Author: rhalbheer Date: 05/03/2008
The Dumbest Thief of the Month
If there were a prize for the "Dumbest Thief of the Month", this guy deserves #1: Texan tries to...
Author: rhalbheer Date: 05/03/2008
Public Testing for Office
Are you working on Office System 2007? Ever looked for a command, you knew in 2003 exactly where it...
Author: rhalbheer Date: 04/30/2008
The recent IIS Attacks
There have been a lot of discussions in different blogs on the attacks on IIS servers. Microsoft...
Author: rhalbheer Date: 04/29/2008
Securing your Web Browser
Cert.org published guidance on how to secure your browser. Here you would find them if you are...
Author: rhalbheer Date: 04/29/2008
Best Practices for Microsoft PKI & Certificate Management
You might know Brian Komar. He wrote numerous books on PKI and Certificate Management and he is a...
Author: rhalbheer Date: 04/29/2008