Roger's Security Blog
As Chief Security Advisor of Microsoft EMEA - lets share interesting security information
Office Binary Document Formats: Specification
Last Friday we announced the availability of the Office Binary Format Specification (doc, xls, ppt)...
Author: rhalbheer Date: 02/17/2008
TV-Interview during IDC Security event in Belgrade
As you have seen in my post The Fun of Travel, I was in Belgrade this week. It was the opening event...
Author: rhalbheer Date: 02/14/2008
The „fun“ of travel
Well, there are people who keep telling me that travelling is fun. Let me tell you a story (true,...
Author: rhalbheer Date: 02/12/2008
What is a „Kill-Bit“?
We often refer the kill-bit in our Security Bulletins when it comes to ActiveX or COM-objects as a...
Author: rhalbheer Date: 02/09/2008
EISAS – European InformationSharing and Alert System – an ENISA Feasibility Study
ENISA just recently published a pretty interesting study with the title EISAS – European Information...
Author: rhalbheer Date: 02/08/2008
Securing My Infrastructure: Risk Management
This is a follow-up of my last post about how I secure my environment. If you want to read the start...
Author: rhalbheer Date: 02/05/2008
Windows Vista SP1 and Windows Server 2008 RTMed!
It's here now and ready to go: We just announced that we RTMed Windows Vista SP1 and Windows Server...
Author: rhalbheer Date: 02/04/2008
Oracle’s answer with regards to Security Patches
You probably remember my post regarding Oracle DBAs rarely install patches. It was about a study...
Author: rhalbheer Date: 02/04/2008
Dependant on the Internet? Not me!
I was reading this article this morning Internet failure hits two continents and was thinking about...
Author: rhalbheer Date: 02/01/2008
Microsoft Windows CardSpace and the Identity Metasystem
A friend of mine (Ole Tom Seierstad, the Norwegian CSA) just published a very interesting article on...
Author: rhalbheer Date: 01/31/2008
Securing My Infrastructure: Introduction (part 2)
Looking at Jacks comment to my initial post this morning (Securing My Infrastructure: Introduction)...
Author: rhalbheer Date: 01/29/2008
LiveMessenger Trojan in the Wild
At the moment we are tracking a Trojan that is spreading through Messenger and AIM. It is called...
Author: rhalbheer Date: 01/29/2008
Usually our customer support is not THAT bad (taking 10 years to call back :-))
Microsoft Customer Service Calls Back 10 Years Later Roger
Author: rhalbheer Date: 01/25/2008
“Creative Capitalism” by Bill Gates
In Wall Street Journal there is a preview on Bill's speech today at World Economic Forum (they are...
Author: rhalbheer Date: 01/25/2008
Was the plain crash caused by hackers?
If Al Qaida really has these capabilities, I am starting to get scared when I have to fly (which...
Author: rhalbheer Date: 01/24/2008
CERT’s Secure Coding Standards
Something that might be worth looking at: Carnegie Mellon's CERT just published two Secure Coding...
Author: rhalbheer Date: 01/24/2008
Jeff’s Vista One-Year Vulnerability Report
Jeff released another report: He is looking back into one year of Windows Vista. We had the...
Author: rhalbheer Date: 01/24/2008
What can you do if you are a victim of e-crime?
I think that there is a very good example of how a platform could be offered for victims of cyber...
Author: rhalbheer Date: 01/21/2008
2-year old terrorist
Well, this is not new: Government agencies with insecure websites. Actually I did not want to blog...
Author: rhalbheer Date: 01/16/2008
Investigating new public reports of Excel vulnerability
I guess, you have seen this but I just want to make sure: Vulnerability in Microsoft Excel Could...
Author: rhalbheer Date: 01/16/2008
Oracle DBAs rarely install Patches
Wow, this is scary: A company called Sentrigo just published a study about how DBAs patch Oracle...
Author: rhalbheer Date: 01/15/2008
Participate in the Windows Server 2008 Security Guide Beta program!
We just started the Beta program for the Windows Server 2008 Security Guide. So, if you plan to roll...
Author: rhalbheer Date: 01/12/2008
Hacker sent to jail
You remember my post on The Economy of Cyber-Crime? One of my claims was, that you need to work with...
Author: rhalbheer Date: 01/12/2008
Even the FBI has to pay the bills
No comment: FBI wiretaps dropped due to unpaid bills Roger
Author: rhalbheer Date: 01/12/2008
Video about the future: Bill Gates’ last day at Microsoft
Watch this: https://video.msn.com/video.aspx?mkt=en-us&vid=be9075bb-df0a-41c9-8d86-7ded46627e26...
Author: rhalbheer Date: 01/07/2008
How to Phish yourself :-)
A guy in the UK wanted to prove that the loss of two CDs is not really serious and published his...
Author: rhalbheer Date: 01/07/2008
Hacking a Boeing 787
It seems that the new dreamliner has a serious security vulnerability: FAA: Boeing's New 787 May Be...
Author: rhalbheer Date: 01/06/2008
Extranet Collaboration Toolkit for SharePoint - Beta
Working together within different organizations and companies is always a big challenge. How can you...
Author: rhalbheer Date: 01/06/2008
You thought Worms are gone? Think again!
I am one of the security guys saying that the likelihood for us seeing events like Blaster or...
Author: rhalbheer Date: 01/05/2008
Analysis of recent vulnerabilities
Michael Howard just wrote a post about recent vulnerabilities of third-party applications he looked...
Author: rhalbheer Date: 01/05/2008
IPSec Interop
Based on my post about IPSec, Steve Lamb posted about IPSec Interoperability and has an interesting...
Author: rhalbheer Date: 01/01/2008
I could not resist...
... on the one hand to wish you all a Happy New Year - but on the other hand: This is the view I had...
Author: rhalbheer Date: 01/01/2008
The PICNIC Problem
I hope you know the PICNIC problem (Problem in Chair not in Computer) – it happened to me L. I get a...
Author: rhalbheer Date: 12/28/2007
How the security magic happens at Microsoft
This is cool: Microsoft Security Elves Roger
Author: rhalbheer Date: 12/28/2007
I am gone – now :-)
Well, not really but I will now leave for the mountains and go skiing for the next week. Therefore,...
Author: rhalbheer Date: 12/28/2007
Insights into our Security Vulnerability Research
Secure Windows just started a blog which could be of interest for you as well. They will give some...
Author: rhalbheer Date: 12/28/2007
Insight into IPSec
I hope you enjoyed Christmas as much as I did (now working on losing weight again J). Soon I will be...
Author: rhalbheer Date: 12/27/2007
Consumer Trust in e-Business
If the light of the latest outreach we did around scam (Lottery Scam – The voice of the victim),...
Author: rhalbheer Date: 12/21/2007
You are hacked – by your toaster :-)
I just read this this morning Man Uses Toaster to Hack Computer. Is this now funny or scary? Roger
Author: rhalbheer Date: 12/15/2007
HP confirms vulnerabilities on 82 Laptop models.
Remember this post OEMs: Join in to "Secure by Default"? I wrote it in June… Now, HP just confirmed...
Author: rhalbheer Date: 12/15/2007
“Keep Everything Clear of the Doors”
Ed Gibson, the Chief Security Advisor in the UK just wrote an interesting article, I would like to...
Author: rhalbheer Date: 12/14/2007
Have a look at Server and Domain Isolation
I am often talking about different zones in the network and how you can create them. There is no a...
Author: rhalbheer Date: 12/13/2007
How to Build a Bomb
Well, only partly. I commented several times already about WabiSabiLabi. I especially like their...
Author: rhalbheer Date: 12/12/2007