Spying on Smartphones

I was recently at an event for Law Enforcement where one of the discussion points was how critical it is to protect Smartphones – actually it was more about how easy to would be to claim that my Smartphone was hacked and how proof can be found. That you should run Anti-Malware software on phones,…


SQL Injection – again?

This week I had – again – a longer mail thread on SQL Injection attacks. Probably it caught me at the wrong moment, as it was a very long week preparing for the IE Out of Band making sure everybody knows what they have to do. And then… I was actually pinged by our office…


Stealing the Empire State Building in 90 Minutes

You do not trust e-Business? Why do you trust “normal” business then? Read this: Newspaper ‘Steals’ Empire State Building in Just 90 Minutes Roger


Internet Explorer Security Update Ready

Go out there and install the update immediately now. Here is the bulletin: MS08-078 – Security Update for Internet Explorer (960714) If you think that you could be infected, run a scan with the online Windows Life OneCare Safety scanner which finds the malware based on this exploit as far as we know it. Roger


IMPORTANT: IE Vulnerability: Out of Band Release Scheduled for Tomorrow

Just as a short notice: We just started to communicate that we will release a security update for the Internet Explorer vulnerability. At the moment, the update is schedule to be released approx 10:00 am PST (19:00 CET) tomorrow. Have a look at the Advanced Notification which you can find here: http://www.microsoft.com/technet/security/bulletin/ms08-dec.mspx Please start immediately…


Videos about the latest Security Development Lifecycle

I know that this is not particularly news but nevertheless it could well be that the non-developers out there have not yet seen this. During TechEd EMEA for Developers we announced several things around SDL and had some speeches. Some of them are public including interviews with people like Michael Howard: Video on the Announcements…


Vulnerability in Internet Explorer Could Allow Remote Code Execution

You know that I rarely blog on Advisories we publish unless they are heavily critical. I just want to make sure that you have seen this. MSRC (the Microsoft Security Response Center) constantly updates this advisory with workarounds. Please take this very, very serious: Microsoft Security Advisory (961051) Details on updates by MSRC Details from…


Privacy Video Competition

On January 28th the European Union is holding the Data Protection Day. To prepare for that, they are holding a competition for young people from 15 to 19 to express their views about online privacy. Here is the teaser: Surf the net – Think privacy! So, please spread the word! Roger


Europol High Tech Crime Experts Meeting 2008

I recently had the great opportunity to join the Europol High Tech Crime Experts Meeting 2008 in Den Haag. This is mainly a get together of the High Tech Crime leads of the EU Law Enforcement agencies and countries where they have a close relationship with (e.g. Switzerland, Norway, Canada etc). Additionally there are a…