All good things must come to an end

This is an excerpt from a mail I sent out internally today: The sands of time seem finally to have run their course. On September 1 I will not only celebrate the 5-year anniversary of my time here at Microsoft but also my departure from the company. On September 5 I start a new job…


How LMCompatibilityLevel really works

A while ago I once again got frustrated by LMCompatibilityLevel and the amount of confusion that is out there about it. There was also an intriguing thing in the SAMBA documentation that they (incorrectly) called “NTLM2 Session Response” that needed figured out. The results are in the latest issue of TechNet Magazine. One additional thing…


Required Attributes of Security Solutions

I’ve been trying to come up with a list of attributes that a security solution needs to have to be complete and sufficient. The idea is to develop a set of attributes that can be used when analyzing security to see if it fulfills the needs of the situation. Obviously, risk management is the most…


Microsoft Purchases Winternals

In a very interesting twist Microsoft today announced the acquisition of Winternals and Sysinternals. This is really interesting news and I am glad to see Mark Russinovich and Bryce Cogswell getting to have more of an impact on the Windows product.


How many vulnerabilities are there really?

Just in case your are of the vulnerability counting type, you may be interested in an analysis posted by my friend Jeff Jones in his blog. Jeff has done some pretty amazingly detailed analysis of the number of vulnerabilities in each of several products.