CISSP® Baby!

In my Inbox today from (ISC)2: Congratulations! It gives me great pleasure to be the first to address you with the Certified Information Systems Security Professional (CISSP®) designation! Based upon your examination results, a review of your application and acceptance of your endorsement, the (ISC)2 Board of Directors awarded you with the CISSP designation. Yaaay!…


Threats and Countermeasures Guide updated for Windows Vista

It looks like the Threats and Countermeasures guide has been updated for Windows Vista. This guide is a reference to security settings that provide countermeasures for specific threats against current versions of the Windows® operating systems. This guide is a companion for two other publications that are available from Microsoft: Windows Server 2003 Security Guide…


Should I go there?

Below are screenshots from IE8, Safari, and Firefox 3 when visiting a phishing website that hit my email this morning. (Firefox didn’t yet have the bad URL in their blacklist, so I waited until they did to take a screenshot.) Does your web browser pass the “keep my grandma safe” test? Internet Explorer 8 Firefox…


Security within Microsoft’s own IT department

In case you are curious what it is like to be in charge of Security for IT at Microsoft, you get to deal with an environment where there are: Approximately 100,000 intrusion attempts each month. Approximately 1 million infected or malicious e-mail messages received each month. Over 5,000 PCs rebuilt every day. Microsoft IT (MSIT)…


Microsoft Baseline Security Analyzer update released. Now with 64-bits!

I see over on Matt’s blog that MBSA 2.1 has been released, with the following new features: Windows Vista and Windows Server 2008 compatibility; new revised user interface; 64-bit support; improved Windows Embedded support; compatibility with Microsoft Update, Windows Server Update Services 2.0 and 3.0, the SMS Inventory Tool for Microsoft Update (ITMU), and SCCM…


Why can I not compress AND encrypt a folder in Windows?

Just a random bit of knowledge to share here 🙂 If you open the Advanced Attributes of a folder (right-click on it, choose properties, then click Advanced…), you have the option at the bottom of the window to either compress the contents to save disk space, or encrypt the contents to secure data. Judging by…


I did it! (also known as the June TechNet Magazine)

One of the best parts of working at Microsoft is the amazing discussions and debates that take place on our internal Discussion Lists. A few months ago, the greatest security minds at Microsoft were undergoing a hot and heavy debate on Security by Obscurity. Does it make sense to rename the Administrator account? Change the…


Active Directory Security Best Practices

Because why wouldn’t you? Best Practice Guide for Securing Windows Server Active Directory Installations; Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part 1; Best Practice Guide for Securing Active Directory Installations and Day-to-Day Operations: Part 2; Windows Server 2003 Deployment Kit: Designing and Deploying Directory and Security Services; Windows Server…


Windows Server 2008 Security Guide Released

Not sure how I missed this, but the Windows Server 2008 Security Guide has been released! It is available online here, and for download here. As an IT professional focused on security, you know firsthand how essential your servers are to keeping your organization up and running. It’s your job to stand guard over these…


The First Step on the Road to More Secure Software is admitting you have a Problem

GREAT post by Michael Howard over on the SDL blog about the hyperbole that usually crops up on <cough>/.</cough> whenever Jeff Jones posts his vulnerability analysis report. “This is FUD” “Yeah, but it’s not an apples to apples comparison” “How can you believe this guy? He works for Microsoft!” “What would Microsoft know about…
