Security of Car Software

We have seen some of the attacks recently, where people started to attack either the locks or the technology/software in the car itself controlling the chassis etc. On DarkReading I was just reading this article: Car Systems Reminiscent of Early PCs One of the things I do not get with cars is the way they…


Cloud computing providers: Clueless about security?

To me, one of the benefits of moving to the Cloud is security – obviously besides availability and costs. Recent incidents made me doubt: Amazon not only having significant downtime but in the same time losing customer data. Sony’s game network being significantly compromised. This is definitely not to blame them but I was heavily…


Rediscover Microsoft Security Guides

Fairly often I am asked whether the Security Guides for our products still exist. The good news is: They do. The bad news is: They are called differently The previously stand-alone Microsoft product-specific security guides are now included within the Microsoft Security Compliance Manager (SCM) tool, which I blogged about several times already (e.g. New…


On the effectiveness of DEP and ASLR

Our Security Research and Defense team published a blog post, which is really interesting to read to understand how to protect Windows Vista and Windows 7: On the effectiveness of DEP and ASLR. There is a lot of information on how both raise the bar for attackers. These are the key take away: DEP and…


Hotmail now with full-session SSL

If you use Hotmail, you should enable full session SSL in my opinion. Additionally we use SSL for additional services like Skydrive etc. However, there are some caveats. Read the blog post on that: Hotmail security improves with full-session HTTPS encryption Roger


Open Source and Hackers

The debate is probably as old as the Open Source software development model: Which one is more secure: Open Source or shared source as we at Microsoft run it? I know that we could now enter a religious debate about that, which I do not want to as I do not really believe in the…


We Need Solid and Strong Transparent Processes for the Cloud

This morning I was reading an article called Google seeks to assure customers on cloud security practices on ComputerWeekly. I had to read this – obviously . It references a paper written by the Google Security Officer called Security Whitepaper: Google Apps Messaging and Collaboration Products. So, I read through it and to me it…


How to Align Work Live and Private Live

It is often talked about the “New World of Work” or sometimes it is about bringing virtual and physical organizations together – which is often called the Hybrid organization. The Hybrid organization has different aspects: People, Technology and Buildings. We are running different pilots in different offices like Amsterdam or Zurich to learn what we…


Hacking Incidents 2009 – Interesting Data

There is a project called the web hacking incident database (WHID), which collects data and statistics on web-application related security incidents. I was just looking into their report called The Web Hacking Incident Database 2009 which has some pretty interesting statistics in. In order to judge the results and statistics of this database, we have…


Insider Threat of Cloud Computing

Tonight I got this article forwarded to me: Afraid of outside cloud attacks? You’re missing the real threat. David Linthicum (the author) claimed that if you are looking at the hackers attacking “your” cloud from the outside, you are missing the real problem as the insider threat is still bigger. When I read the article,…