Owner: Roger's Security Blog
URL: http://blogs.technet.com/rhalbheer
Join Date: Mon, 12 Nov 2007 16:10:32 -0600
Site Description: I am Microsoft's Chief Security Advisor for Europe, Middle East and Africa and this blog is mainly about information security.
Want to check your Up- and Download-Speed (2007-11-15 06:38:02)
I just stumbled across a pretty cool website that lets you measure your up- and download speed wherever you are. Additionally, you can compare it with others: http://www.speedtest.net
Roger
More than 490'000 Database Servers unprotected on the Web (2007-11-14 14:01:42)
David Litchfield ran a scan on the Internet for the typical SQL Server and Oracle ports. It is unbelievable that he found approx. 490'000 servers on the Internet – unprotected and often unpatched, on unsupported version levels and unsupported Service Packs.
What is going on there? Are these test servers nobody cares about (they are pretty often connected to the corporate network and can easily be used as an entry point for a criminal)? Who is the company behind that? ...
Looking at the comments on the article Hacker finds 492,000 unprotected Oracle, SQL database servers, people just talk about the admins being stupid … I tend to disagree. Often the IT Pros (and this is just my assumption) are just overstrained. They do not get enough training. They have to be the AD Admin, the SharePoint Guru, the Exchange Pro, the Network specialist, the…, the…, the… and we expect them to be the Security Officer as well? They are held responsible for having good uptime – unfortunately not f
Be Careful Whom You Trust (2007-11-13 13:50:00)
When I talk to customers I sometimes ask them whether they do background checks on whom they hire as employees or contractors. When it comes to security, the whole theme gets pretty sensitive. Imagine that you hire an employee to deal with your security architecture and he turns out to be a criminal. Or you give a project to work on your security to an external consultant and all of a sudden he is arrested for spreading malware. Fantasies? Not really! This just happened: Security consultant hijacked 250,000 machines and Ex-Security Pro Admits Running Huge Botnet
Would a background check have helped here? Probably not, but we really have to think about whom we trust and how we hire people. I still cannot understand that there are companies hiring convicted hackers (even though everybody deserves a second chance – I agree). I blogged on that already once and the comments were not in line with my view (Hackers getting Jobs in the Industry).
Any views from your side?
Roger
TechEd-IT Forum: The Keynote and Announcements (2007-11-12 08:20:34)
I told you that I would keep you posted. We had some pretty exciting announcements at the keynote at IT Forum.
For me, the whole area of virtualization is probably the biggest step forward. We announced that the official product/feature name is "Hyper-V", which will be integrated in some of the Windows Server 2008 SKUs. There are some cool things to see:
We will be releasing integration components to make Linux run on our virtualization platform (Hyper-V)
We are supporting 64-bit, large memory, and up to four cores.
We are able to run Hyper-V as a core role, meaning with a thin layer of the OS just to support Hyper-V
We can take snapshots of a VM and are able to roll back to any snapshot without rebooting the VM!
In order to be able to manage the VMs, we are announcing the System Center Virtual Machine Manager. We can control the VMs directly, independent of whether they are running on Virtual Server, Hyper-V or VMware! Not only that, you can do more with System Center
You can move VMs from o
IT Forum is about to begin (2007-11-12 03:35:00)
It is always fascinating to see an event of this size! I actually arrived in Barcelona last night and yes, you might be jealous if you see the weather. But actually I will probably not have a lot of time to enjoy it - PR filled my schedule all over :-) but that is why I am here.
Here are the posts on Technorati about TechEd-ITForum: TechEd-ITForum
And here is the actual TechEd-ITForum web site with some cool videos to start with :-)
We will really kick it off at 2:00 pm with a 90-minute keynote with some announcements. Tomorrow morning we are holding a panel for journalists with some pretty interesting security people from all around the company, like:
David Burt, Microsoft Security and Access Product Management (he is moderating the panel)
Vinny Gullotto, General Manager of the Microsoft Malware Protection Center
Paul Mayfield, Program Manager for Network Access Protection
Josh Edwards, Technical Product Manager, Microsoft Office
Steve Brown, Director for Security and Acces
WabiSabiLabi and their view on ethics (2007-11-08 01:27:04)
I commented on that already twice and stated that WabiSabiLabi seems to have a different view on ethics than me. For those of you who do not know WabiSabiLabi, it is an online auction for vulnerabilities. We met the founder of this platform during Blue Hat in Redmond and had some discussions on ethics, vulnerabilities and his platform. I have to admit that the way he bent the ethical view of the world to suit his needs was pretty interesting.
Now, I see that my view on ethics is definitely the one that at least keeps me out of jail: WabiSabiLabi founder arrested in Italy
At least he gets press coverage (and blog coverage :-)) for his platform
Roger
Mary Jo Foley: It's payback time: If the Vista team could write ad copy … (2007-11-06 15:20:00)
Well, well: You know that I never ever would bash a competitor and I will not do so now. However, I have to give you the link to the above-mentioned article – not because of the article but because of the comments the article got. It seems that our efforts around Trustworthy Computing pay off. I have to quote a comment:
MS has good taste, <company> has none
Oh the irony of <CEO of company> accusing MS of having no taste! Those ads were the epitome of tastelessness and the fact that Microsoft won't stoop down to <company>'s level is proof that Microsoft is the company with the superior ethics. It says a lot about <company> when Microsoft is judged to be the morally superior company!!
If you want to read it: http://blogs.zdnet.com/microsoft/?p=905
Roger
P.S. A few years ago we wanted to have a big (and extremely successful) security event with Swiss TV and <company> and <company> told us that they will not participate because they "do not
Fight against Terror and how it can be abused (2007-11-06 13:14:00)
I am not completely clear on how much many of the measures we see (like the fluid restrictions on planes, the forced violation of privacy laws by airlines having to transmit PII to the US, ...) really achieve.
On the other hand we definitely see some pretty weird things happening, as any suspicion seems to lead to serious consequences. Read this article I found today: Man angry with son-in-law fingers him as terrorist to FBI
Roger
The next step at home: Windows Home Server (2007-11-06 10:03:00)
One of the big challenges we face all the time is how to control one of these growing networks at home. How shall I help my neighbors actually manage their growing environment with different PCs (one per parent and one per kid and a media center and, and, and)? I assume that you know that feeling.
I do not say (yet) that all the problems are solved, but at least we took one significant step with a product we call Windows Home Server - an OEM server version targeted at the scenarios described above. Definitely something to look at and something that will help us in the future to help our friends and family manage their environment in a secure, safe and easy way.
Here is the blog of the Windows Home Server team: http://blogs.technet.com/homeserver/
Here is the demo: http://www.microsoft.com/windows/products/winfamily/windowshomeserver/demo/index.html
And here is the product page: http://www.microsoft.com/windows/products/winfamily/windowshomeserver/default.mspx
Roger
Social Engineering - Live (2007-11-05 22:12:00)
I just found a pretty interesting article on "social engineering". It is one of those articles telling an anecdote about how social engineering is used to enter a building and get access to everything: The Spy in Your Server Room
Roger
Pricelist for Cybercriminals (2007-11-02 11:05:00)
Remember Economy of Cybercrime? I hope so! There I made the statement that cybercrime has to pay off.
Today Zone-h summarized research from G DATA with the title How much can cyberterrorist get? In there you see how much you have to pay for which "service". This is a pretty good income:
Doing simple math - working for just 20 hours per month, on 20 orders, a spammer can send over 400 million messages and without much effort could earn around 7000 euro. If that wasn't enough, you can get 10 million e-mail addresses for just 100 euro. The same goes for PayPal accounts, credit card numbers and internet game accounts.
Roger
Rumors about Cyber-Terror Attack, November 11th (2007-11-01 04:50:11)
This is an interesting phenomenon on the Internet: There is one source publishing the statement that they picked up an Internet announcement by Al Qaeda that they will start a cyber attack on November 11th: DEBKAfile Exclusive: Al Qaeda declares Cyber Jihad on the West. From there on the blogosphere went ballistic (the article was published October 30th). If you search for it, you will find quite a lot of articles and blog posts referring to the DEBKAfile site. Nobody actually really questions the source. I am definitely not in a position to judge the quality and depth of this information, as I do not have enough experience with DEBKAfile at all. It is just interesting to see how information spreads without anyone really thinking twice about the trustworthiness of the source.
As you know, I have already written several times about cyberterrorism and there is definitely a certain probability that something like that might happen, and that it might even happen on November 11th. However, I think that a certain lev
Spotlight – The coolest online event platform (2007-11-01 01:31:00)
You know about Silverlight, don't you? We built a new Online Event platform on it. Sorry? You did NOT hear of Silverlight yet? Come on, don't tell me you missed this announcement? It is absolutely cool and if you really missed it, there you go: Silverlight.
But now let's really talk about Spotlight. This is an absolutely cool platform we use for high-class recording of big technical events (or even videos produced especially for Spotlight). You can find the homepage of Spotlight here. Additionally there is a blog on Spotlight, giving you the latest news and the opportunity to comment.
There are a few pretty cool security presentations:
John Craddock and Sally Storey: Is your IT Infrastructure Secure?
Steve Riley: The Fortified Datacenter in your Future: Build It Now and They Will Come
Mark Russinovich: Advanced Malware Cleaning
Mark Russinovich: Windows User Account Control Internals (you have to sign in)
…and a lot more…
If you do not want to look into the dry securi
The Value of Operating System Comparisons (2007-11-16 15:05:46)
Since Blaster/Slammer, that is, since the start of Trustworthy Computing, I have been working at Microsoft in a publicly facing security role. I went through all the blaming and had to take all the heat for what we did wrong and how bad we are – and I admitted then and still do today that security was not a priority for Microsoft back then (and if you quote me, please quote the whole sentence :-)). However, we changed dramatically and I am convinced that Microsoft is one of the few companies of such a size having the capability to change within the timeframe we did, and the change will go on.
When I did my first presentation on Trustworthy Computing, I stated publicly that this is an industry initiative and not a "Microsoft only thing" – and the people laughed at me. They told me that Microsoft is THE problem and that we will never change. When I looked at the figures of e.g. vulnerabilities back then, we saw from the beginning that we were much better than everybody else but have been the b
I was visiting Nigeria – watch out! (2007-11-23 01:14:39)
You know that I rarely did trip reports in the past. I am personally convinced that you do not want to read what I had for breakfast in Barcelona. But this trip was different. When I told the people around me that I would be travelling to Nigeria, I got a lot of different reactions :-).
I guess that most of these reactions are based on our constant confrontation with what we call the Nigeria scam. As you probably know, there is section 419 of the Nigerian criminal code that is violated by these kinds of attacks. Therefore these scams are often called 419 scams. It is unbelievable; when you go to our search engine and search for "Nigeria scam 419" you find more than 400'000 hits! There is even a site called http://www.nigerian-scam.com/ . For a country like Nigeria, this is one of the worst possible things to happen if you want to base the growth of the economy on modern technology! Is this a Nigeria-only problem? Not by far. A lot of scams originate from Western countries, a lot of other
Windows Vista is protecting the environment (2007-12-01 03:24:00)
When we launched Windows Vista, one of the features which was pointed out to me was power management and how it will lower costs in the enterprise environment. Well, I put my focus on the security technologies (obviously) and ignored the power management part - and it seems I was wrong. Read the following blog post and see that you should definitely look into this: How green is your PC?
Roger
YOUR FEEDBACK REQUESTED (2007-11-30 13:10:00)
I have been in the position of the Chief Security Advisor in Europe, Middle East and Africa since February 1st. Since then I have been blogging here (before that I ran the Swiss Security Blog together with Urs). The hits per post rose over the first 6-7 months but have now started to slowly drop. However, looking at the ranking of all the TechNet blogs, this one is slowly on the rise. Now, I think it is time to ask you:
Are you "just" looking at the RSS Feed or do you actually read the posts? (I have the figures for direct browser hits, which does not necessarily mean that you really read it.)
Are the themes I am covering the ones you are interested in or would you expect something different? If yes, what?
Is it worth the time you invest to read the posts?
Are there not enough or too many posts?
What else?
I am open to any kind of feedback. Please avoid being "politically correct"; you may be open and candid. You can give me the feedback directly (roger.halbheer@microsoft.com) or as comments, which I wou
Teach a Man to Fish (2007-11-26 04:37:00)
I just read a pretty good article that definitely goes in the direction I am trying to take with the different communities we are in touch with. Even though technology is a key part of any security solution, the user is key and explaining the "why" to the user is even more important.
Read it yourself: Teach a Man to Fish
Roger
A Retrospect on my Trip to Kenya (2007-12-07 17:41:33)
I asked for feedback from you and got quite a lot. Some privately and some publicly – thank you to all who took the time to answer. One piece of feedback I heard more than once was that you are interested in my view on the region and the security there. So, what I will try to do is give you some insights into the trips I take to more "exotic" places (so I will most probably not cover my trips to Brussels and London next week).
So, I just came back today from Nairobi, Kenya. Let me share my impressions and my program. We mainly did three things:
Visited a call center called KenCall
Did some internal business stuff (which I will not be talking about :-))
Visited some NGOs helping the people in the slums.
So, there are two main areas to share with you; let's start with KenCall: KenCall is a classical outsourcer for call center services. The interesting thing was the regulatory hurdles they had to overcome. As an example: In order to use Voice over IP, they need a certification. However, the govern
You are hacked - by your toaster :-) (2007-12-15 04:19:44)
I just read this this morning: Man Uses Toaster to Hack Computer. Is this now funny or scary?
Roger
"Keep Everything Clear of the Doors" (2007-12-14 01:29:34)
Ed Gibson, the Chief Security Advisor in the UK, just wrote an interesting article that I would like to share with you:
You've seen it, read it, heard it so many times you've blocked it out … routine, mundane … but instinctively you take the necessary precautions. And the idiots who think they can beat the doors for gosh sakes … some make it, most don't … when will they learn. Even though, I suspect the next time you hear this spoken over the intercom in the Underground, or read the warning label on the inside of the carriage you'll take just that extra second to really make sure everything is clear of the doors. "Why?", you ask. "Because you've just read this!" No different than the many times you've looked at your watch, and then someone else asks you what time it is; you can't remember, so you look again.
Unremarkably, the same applies when it comes to being more safe online. This past year you bought a brand new state of the art, 2g of RAM, 600g hard drive t
Have a look at Server and Domain Isolation (2007-12-13 14:25:07)
I am often talking about different zones in the network and how you can create them. There is now a demo kit available for you to download and "play" with: Server and Domain Isolation Demo
Roger