MAPP + Exploitability Index == Protected Customers, Better Security Update Prioritization

Today we officially launched our MAPP program (http://www.microsoft.com/security/msrc/mapp/partners.mspx) and at the same time we also started providing exploitability information about our vulnerabilities to the world.  These two things are pretty huge.  The idea behind the exploitability index is to help customers understand which updates they should deploy immediately vs. which ones we don’t think are…


DayCon II / OSU Security Day / SafeCode

Welp – just got back from speaking at a couple of events in Dayton, OH.  First up was THE Ohio State University security day . . . I delivered my ‘targeted attacks’ presentation which I’ve been doing for over 2 years now (everything’s the same – only the malware changes. :).  I got to take…


Shostack on "Threat Modeling"

Adam Shostack is incredibly smart – and he also happens to be responsible for managing the threat modeling aspect of the SDL these days.  He’s got a nice 10 page paper here on threat modeling – very much worth the read if you’re into that sort of thing. http://blogs.msdn.com/sdl/archive/2008/10/08/experiences-threat-modeling-at-microsoft.aspx


iPhone running WM 6.1?

Okay – I’m not sure if this is real or not – but the interview itself is hilarious – the questions the woman asks at the end and the kid’s responses are hysterical: http://wmpoweruser.com/?p=1330  


SkyFire?!?!?!

OMG – how is it possible that I JUST today found out about this? http://www.skyfire.com What is it?  It’s a new FREE (for now) browser for WM phones . . . that doesn’t absolutely positively suck.  I just installed it on my Q9 smartphone and it rendered www.microsoft.com perfectly and it even rendered the flash…


I’m a PC and I fight for the users . . .

Tron Guy makes a cameo in our “I’m a PC” video wall: http://media.lifewithoutwalls.com/ugc/t/r/o/tronguy/tronguy_336_252.wmv Here’s the algorithm for finding direct links to videos based on user name: http://media.lifewithoutwalls.com/ugc/[1st letter of username]/[2nd letter of username]/[3rd letter of username]/[username]/[username]_336_252.wmv (thanks for the tip Jiri) I sort of like the video wall (and no the irony of having a…


Extreme Ad Makeover – We are now entering "the 2nd phase"?

You know, I have one simple request.  And that is if we are to have an ad campaign with sharks, that we have sharks with frickin’ laser beams attached to their heads! http://www.nytimes.com/2008/09/18/business/media/18adco.html?pagewanted=1&_r=1&ei=5040&partner=MOREOVERFEATURES


Zune 3.0 – Using wifi to download songs right from the ZMP (speed test)

Today a friend asked me how fast downloading songs / albums from the ZMP was and I had to admit – I wasn’t sure.  The day the firmware came out I immediately hooked up my Zune to my wifi network at home and then connected to the marketplace and then started playing a newly released…


Zune 3.0 – Insanely great creamy goodness from the Zune team

So I have a Zune 80 (black) and I freaking love it.  The Zune software kicks the living crap out of anything Apple has ever released in terms of quality and functionality and ease of use.  The software just works, the Zune just works – it’s probably the best entertainment device we make that no…


GOVCERT.NL and German authorities recommend against installing Chrome!?

It was only a matter of time – the first few days’ worth of bugs were so bad I gave up covering them / reading them and one *has* to question Google’s commitment and ability to write secure code: http://www.computerworld.co.ke/articles/2008/09/09/security-agencies-rally-against-google-chrome  After reading their security architecture whitepaper – it really is pretty unbelievable how many vulns were found…
