I have been in the position of Chief Security Advisor for Europe, Middle East and Africa since February 1st. Since then I have been blogging here (before that I ran the Swiss Security Blog together with Urs). The hits per post rose over the first 6-7 months but have now started to slowly drop. However, looking at…


IE and Firefox vulnerabilities

I am still convinced that there is limited value in comparing vulnerabilities between different products. However, there are a few products which seem extremely emotional: The Operating System, Office, and the browser. We already discussed pretty emotionally (I liked that actually) the Operating System part. Office came into the spotlight in the last few days…


Hackers using Playstations to crack Passwords

A reader of my blog actually pointed me to that (thank you Shoaib) and asked me for a comment. Here is the article: PlayStation a hacker’s dream. It is really an interesting thing: Gaming consoles today have quite some computing power, so why should the bad guys not use them to do some brute force?…


Security Threats in 2008

Well, slowly the year is coming to an end – 10% to go :-). This is the time where everybody is looking back and – additionally – tries to look into the Crystal Ball to understand how 2008 could be. Interestingly enough, I just had the discussion about the trends for 2008 this morning with…


Teach a Man to Fish

I just read a pretty good article that definitely goes in the direction I am trying to take in my work with the different communities we are in touch with. Even though technology is a key part of any security solution, the user is key, and explaining the “why” to the user is even more important. Read for yourself: Teach a…


I was visiting Nigeria – watch out!

You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I would be travelling to Nigeria I got a lot of different reactions…


Are you ready for your users of the (near) future?

Actually, near future might be wrong: I am convinced that the future (with regards to the requirements) is already here. We sponsored a study with Yankee Group with the title Anywhere Access Technologies – Open Enterprise Networks. I read through it and tried to analyze the key findings in there: more than…


The Value of Operating System Comparisons

Since Blaster/Slammer, namely since the start of Trustworthy Computing, I have been working at Microsoft in a publicly facing security role. I went through all the blaming and had to take all the heat of what we did wrong and how bad we are – and I admitted there and still do today that security was…


Want to check your Up- and Download-Speed?

I just stumbled across a pretty cool website allowing you to measure your up- and download speed wherever you are. Additionally you can compare it with others: Roger


More than 490’000 Database Servers unprotected on the Web

David Litchfield ran a scan on the Internet for the typical SQL Server and Oracle ports. It is unbelievable that he found approx. 490’000 servers on the Internet – unprotected and often un-patched. On unsupported version levels, on unsupported Service Packs. What is going on there? Are these test servers nobody cares about (they are…