Free Security Support Number For Your Region

At an event in Germany today the question came up of how to access the free security support in your region. For a couple of years now Microsoft has offered no-charge support for security issues. However, the number is different in different regions. To find the number in your region, go to:


What is a "zero-day"?

Once again, it seems misguided reporters have appropriated a technical term and are misusing it in ways that confuse the field. “Hacker” was not the first term they ruined, but it is still the one that irks me the most. The primary definition of “Hacker” is, of course, “a person who creates and modifies computer…


I Really Do Not Hate Hardening Guides

Unfortunately, it seems that people are getting the impression that I hate hardening guides. A few people told me that after I delivered the “Security Myths” presentation at Microsoft’s Federal Security Summit West last week. It is really not the case. I do not hate hardening (or security) guides. In fact, I really like them -…


Going Wild With Administrative Accounts

Today I got a question that reminded me that I have not written a whole lot about how to manage the accounts used by system administrators. The question was whether I could think of any reasons why you would share an administrative account between several people, other than for the sheer convenience of it. My…


Are we too simplistic in how we think about risk?

Yesterday I had a fascinating meeting where we discussed a number of theoretical concepts, including how we think about risk. Risk, of course, should be the driver in everything we do in information security, and risk management should be the discipline that guides us. The problem with risk is that it is a very nebulous concept….


Why your comments no longer automatically show

Just a quick note to let you know why your comments to my blog no longer show up automatically. It turns out that someone decided my blog was a good place to post ads for online pharmacies, gambling, and all that other stuff that we apparently do not get enough of in e-mail. The other…


More Security Myths

About a year ago Steve Riley and I built a presentation based on a set of security myths we put into the book. It was one of the most popular presentations we have ever made, and we kept coming up with more myths every time we delivered it, or talked to people, or sat long…


Upcoming engagements

The schedule for Spring 2006 is in full swing. Just in case anyone is interested in meeting up with me somewhere in the world (or has some new gig they think I should go to) I thought it makes sense to post my schedule here. February 6 and 7 – Albuquerque, NM for a training…


Windows Firewall: the best new security feature in Vista?

It is interesting how some of the best security features in Windows receive either no attention, or get criticized for the strangest reasons. Case in point: Windows Firewall is one of the best firewalls out there, and yet much of the talk about it consists of complaints that outbound filtering is disabled by default. I believe there are…