Welcome to TechNet Blogs Sign in | Join | Help

April 2006 - Posts

Accept the Geek in you - join a Geek Dinner!

Browse here to find out more about the most recent London Geek dinner. There's another one coming up on Tuesday 16th of May - it's a Girl Geek Dinner so you'll either have to be a Girl or pursuade one to take you along! Full details of the upcoming Read More
posted Sunday, April 30, 2006 8:39 AM by Steve Lamb | 0 Comments
Filed Under:

What should a User Group be? A New Information Security User Group is taking form

Many people at InfoSec expressed great interest in joining a new User Group that's focused 100% on Microsoft Information Security - it's being run by MVPs (Most Valuable Professionals). We discussed the essence of the various different successful User Read More
posted Saturday, April 29, 2006 6:30 PM by Steve Lamb | 8 Comments
Filed Under: , , , ,

Is there any way for Malware to attach itself to Word Documents OTHER THAN VIA MACROS?

There are many well known pieces of Malware that target Microsoft Word Macros - hence they are turned off by default in recent versions of the software. Following Yvonne's comment re. how to keep Malware off your systems we spoke to discuss how to clean Read More
posted Saturday, April 29, 2006 5:56 PM by Steve Lamb | 4 Comments
Filed Under: , , ,

Update re. how to deal with Phishing on OSX

Following my recent post, James has referred me to Mactopia which confirms that IE has indeed been discontinued for OSX. I'm sure this isn't exactly ground breaking news to Mac officionados. If any of you are reading this then I'd love Read More
posted Saturday, April 29, 2006 5:48 PM by Steve Lamb | 0 Comments
Filed Under: , ,

Information is NOT Power. Effective Security enables Powerful decisions

Information is NOT Power. Timely access to accurate information can give the holder the ability to make powerful decisions. Effective Information Technology can enable the required flow of information. Inappropriate Information Security Policues, Processes, Read More
posted Saturday, April 29, 2006 2:59 PM by Steve Lamb | 1 Comments
Filed Under: , , , ,

Directions to the TechNet and MSDN Roadshow in Birmingham

If you're planning to join either TechNet or MSDN @ our Technical Roadshow in Birmingham this week (Tuesday is Infrastructure day, Wednesday is Developer day) then I recommend considering the Train as your means of transport if you're travelling from Read More
posted Saturday, April 29, 2006 10:00 AM by Steve Lamb | 6 Comments
Filed Under: , , ,

Is there a way to stop Phishing on the Apple Mac's Safari Browser?

I'm not casting aspertions on Apple's Safari browser in any way. @ InfoSec I discussed Internet Explorer 7's Phishing filter (for Windows XP and Windows Vista) - several people asked me WHY Microsoft don't provide something for the Mac to help mitigate Read More
posted Thursday, April 27, 2006 7:11 PM by Steve Lamb | 3 Comments
Filed Under: , ,

How to improve the level of assurity in your Windows System integriry and data integrity - Windows Vista's Bitlocker feature

The most popular area of discussion I experience regarding Microsoft @ InfoSec related to Bitlocker (a feature of the high-end SKUs of Windows Vista) - formerly known as Full Volume Encryption and Secure Startup. There's some interesting discussion Read More
posted Thursday, April 27, 2006 7:06 PM by Steve Lamb | 2 Comments
Filed Under: , , ,

It was great to see so many of you @ InfoSec in London this week.

InfoSec (uber security show in London >10,000 attendees) this week has been great fun. Hard work by the entire Microsoft and MVP team together with all the associated agencies, crew and behind the scenes folk. Our aim of giving purely technical information Read More
posted Thursday, April 27, 2006 6:56 PM by Steve Lamb | 1 Comments
Filed Under: , , ,

Looking for increased security via Trusted Platform Module (TPM) support such as Windows Vista's Bitlocker

Andy made an interesting comment regarding his interest in Trusted Platform Module (TPM) hardware based security to compliment the software controls in his environment. I'm not familiar with the 3rd party he refers to (Wave) though can highly recommend Read More
posted Thursday, April 27, 2006 6:08 PM by Steve Lamb | 1 Comments
Filed Under: , , , ,

What's your view of multi-factor authentication?

Steve Riley's looking for your feedback on what works for you - please browse to here and give him your comments. I like smart cards and wouldn’t dream of accessing sensitive information on a machine that isn't managed by someone I trust. I don’t Read More
posted Wednesday, April 26, 2006 9:39 AM by Steve Lamb | 4 Comments
Filed Under: , ,

Internet Explorer 7 Beta 2 is now available - download IE7 here

Click here to download Internet Explorer 7 Beta 2.  IE 7 is nearing release bringing with it a wealth of security improvements including significant re-engineering and new features including the anti-phishing filter. Much will no doubt be Read More
posted Tuesday, April 25, 2006 6:12 AM by Steve Lamb | 4 Comments
Filed Under: , , , ,

Join Rafal for a free event covering Identity Management

Browse here to register for Rafal's free event - it's running in the UK (Reading) on the 17th May. Rafal's frequently the top rated security speaker at TechEd and IT Forum. The event is described as follows: "“A typical corporate user spends an average Read More
posted Monday, April 24, 2006 4:15 PM by Steve Lamb | 1 Comments
Filed Under: , , ,

Will end users turn off Windows Vista's User Account Control feature?

This is the final part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Part 1 was: Let's review how privilege is used in Windows NT, XP, 2000 and 2003: Part 2 was: Read More
posted Friday, April 21, 2006 10:21 AM by Steve Lamb | 3 Comments
Filed Under: , , , , ,

How will Windows Vista's User Account Control (UAC) work?

This is the second part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Part 1 was: Let's review how privilege is used in Windows NT, XP, 2000 and 2003: The access control Read More
posted Thursday, April 20, 2006 9:19 AM by Steve Lamb | 1 Comments
Filed Under: , , , ,

How to keep your system(s) safe from Malware including Spyware, Worms, Viruses and Rootkits

Many of us are concerned about the ever increasing threat to information security and business continuity posed by malicious software. Before delving into ways to deal with malicious software it’s important to ensure that we are all familiar with the Read More
posted Wednesday, April 19, 2006 1:55 PM by Steve Lamb | 7 Comments
Filed Under: , , ,

How is privilege used in Windows XP, NT, 2000 and 2003. What are DACLs and SACLs

This is the first part of a three part response to a comment made by Matt in his comment regarding the least privilege model in Windows Vista. Let's review how privilege is used in Windows NT, XP, 2000 and 2003: Objects including files, services Read More
posted Tuesday, April 18, 2006 8:02 AM by Steve Lamb | 3 Comments
Filed Under: , ,

InfoSec 2006 is just around the corner - if you're in the UK and interested in security it's well worth a visit

Browse here to find out more about the event. InfoSecurity (InfoSec) Europe 2006 is an exhibition and symposium held in London from the 25th to 27th April. As I've mentioned before it's a huge event - typically over 10,000 IT and security professionals Read More
posted Monday, April 17, 2006 2:07 PM by Steve Lamb | 0 Comments
Filed Under: , ,

A "Plain English" description of what we mean by RPC over HTTP(S)

Eileen's posted a nice concise description explaining "what is RPC over HTTP(S)". As we move away from requiring Virtual Private Networks (VPNs) to using Secure Socket Layer (SSL) as a transport we gain flexibility, a better user experience and a reduced Read More
posted Friday, April 14, 2006 10:45 AM by Steve Lamb | 1 Comments
Filed Under: , , ,

Who do all those acronyms mean? Where's an accurate technical dictionary of Microsoft terminology?

The Microsoft Developer Network (MSDN) provides an excellent technical reference for terminology used in Microsoft products. You don't need an MSDN subscription to access the dictionary - just browse here Read More
posted Friday, April 14, 2006 10:40 AM by Steve Lamb | 0 Comments
Filed Under:

How to mitigate the threat posed by malware and how Windows Vista will help in the long run

Many of us are concerned about the ever increasing threat to information security and business continuity posed by malicious software. The more I study malicious software the more I believe that as an industry we need to focus our efforts upon preventing Read More
posted Thursday, April 13, 2006 5:14 PM by Steve Lamb | 3 Comments
Filed Under: , , , ,

Why doesn't SMS check to see whether I've actually installed security updates before inflicting them upon me?

The SMS client is present on my computer (Windows XP SP2) to ensure that it's up to date with security updates. I think that's a good thing. I happen to also use Windows Update and therefore tend to have security updates on my machine before I arrive Read More
posted Wednesday, April 12, 2006 11:39 AM by Steve Lamb | 3 Comments
Filed Under: , ,

What is a firewall, ISA Server and caching in laymans terms - here's a simple analogy

Earlier today I was asked "what is ISA Server?" - the person who asked me was completely non-technical and therefore I held off from answering "Internet Security and Acceleration Server - it's an Application Layer Firewall with integrated Cache" Read More
posted Tuesday, April 11, 2006 4:33 PM by Steve Lamb | 2 Comments
Filed Under: , ,

How to recover from Malware infestation? How to avoid getting malware in the first place

I encourage customers to architect machines such that data is stored in a separate partition of the hard disk – this makes it far less painful should the worst case scenario of machine rebuild be required. It’s certainly true that insidious malicious Read More
posted Monday, April 10, 2006 5:24 PM by Steve Lamb | 0 Comments
Filed Under: , , , ,

Traffic information MashUp

Click here to play with the Traffic Information MashUP - and here to find out what a MashUP is! In layman's terms a MashUp is where you (as an application developer) build upon an existing application - the term comes from DJ's mixing music samples. Read More
posted Friday, April 07, 2006 3:52 PM by Steve Lamb | 0 Comments
Filed Under: , , ,

Why can't regular users shutdown Windows Server 2003?

Perhaps this is obvious for a production system - you'd hardly want end-users to be able to shutdown the server. If you're using a Windows Server 2003 system on a laptop as perhaps a demo, dev or test system then you may want regular users to be able Read More
posted Friday, April 07, 2006 3:40 PM by Steve Lamb | 0 Comments
Filed Under: , , ,

I'm NOT a Girl!

...but I have been to a Girl Geek Dinner and plan to go to more. As the name suggests they focus on the female perspective of technology. Of course I have no idea how many of you are Girl Geeks - if you are one then you can add your name to the WIKI and Read More
posted Friday, April 07, 2006 2:40 PM by Steve Lamb | 4 Comments
Filed Under: , , , ,

Security Quick Reference - here's a list of security resources for IT Pro, Dev and Consumers alike

Security Quick Reference Guidance The Security Guidance Centers provide the most prescriptive security guidance Microsoft has to offer as well as security tools, security response information, such as security bulletins and virus alerts, to assist in Read More
posted Thursday, April 06, 2006 6:47 PM by Steve Lamb | 1 Comments
Filed Under: , , , , , ,

Here are some Online Technical Security resources that will help you keep up with Microsoft Security Innovations

The Microsoft Security Newsletter is a monthly electronic newsletter that's tailored for IT Professionals and Developers to provide the latest Microsoft Security news together with tips for getting the most from our products.  The Security Webcast Read More
posted Thursday, April 06, 2006 6:02 PM by Steve Lamb | 0 Comments
Filed Under: , , , , , ,

Is Effective Information Security an ART or a Science?

Let's start with a definition to set the tone - this is one I've made up: "Effective Security is enables business to be MORE effective whilst minimising risk to an acceptable level as defined in a meaningful security policy that has teeth". Read More
posted Wednesday, April 05, 2006 5:12 PM by Steve Lamb | 3 Comments
Filed Under: , ,

Get answers to difficult questions and debate security solutions with experts at InfoSec 2006 in London

Browse to our InfoSec2006 page to read about the free education sessions and debates we'll be hosting. The main InfoSec event site is the place to go to secure (no punn intended) a free place at the event - if you turn up on the day (three Read More
posted Wednesday, April 05, 2006 4:56 PM by Steve Lamb | 0 Comments
Filed Under: , , ,

Where can I find out how to write secure code?

The Microsoft Application Security Website is a UK based resource that aims to help you write more secure code. The site includes links to the Developer Highway Code which is named after something that's only likely to make sense to those Read More
posted Tuesday, April 04, 2006 3:34 PM by Steve Lamb | 1 Comments
Filed Under: , , ,

MSDN invite you to join SPI Dynamics for a "Web Application Hacking Workshop"

Let's get this straight to start with MICROSOFT WILL NOT BE TEACHING YOU HOW TO HACK! Our partner SPI Dynamics are experts in the field of writing secure code and helping customers to measure and improve the quality of software. The event itself Read More
posted Tuesday, April 04, 2006 3:26 PM by Steve Lamb | 1 Comments
Filed Under: , , ,

It's true - Virtual Server 2005 R2 IS now available as a free download!

Click here to read devcenter.com's post announcing that Microsoft's Virtual Server 2005 R2 is now available as a free download. There's more information available on the Microsoft Virtual Server website. For more information about Virtual Server 2005 Read More
posted Tuesday, April 04, 2006 1:11 PM by Steve Lamb | 2 Comments
Filed Under: , ,

Register for the Technical Roadshow - see Windows Vista, Office & Exchange 12, Server 2003 R2 and ISA 2006

We hope you can join us for this year's Technical Roadshow - we're visiting five destinations in the UK for a series of technical sessions. Last year's event was successful due to the involvement and interaction of each of the participants. THIS Read More
posted Monday, April 03, 2006 1:12 PM by Steve Lamb | 1 Comments
Filed Under: , , ,

ISA 2006 Pulic Beta together with Technical Product details and User Interface Walkthroughs

Internet Security and Acceleration Server is an established security product that's been in production environments since the year 2000. The second major release of the product was denoted "ISA 2004". ISA 2004 majors on protecting Microsoft Server applications Read More
posted Monday, April 03, 2006 9:02 AM by Steve Lamb | 0 Comments
Filed Under: , , ,

Big Sunday: The best wind I've ever experienced in the South East of England

OK so this isn't security related... It's Monday morning and I can't help but share the most amazing day's Windsurfing I've ever enjoyed. I live near London in the South East of England - this is generally the best time of year for wind though rarely Read More
posted Monday, April 03, 2006 8:00 AM by Steve Lamb | 1 Comments
Filed Under: ,

How to securely publish multiple HTTPS websites on a single port via ISA

At last week's PKI TechNet event in Reading several people asked how to get around the challenge of allowing multiple certificates to be used (corresponding to individual HTTPS web sites) in conjunction with ISA's web server publishing feature. For those Read More
posted Saturday, April 01, 2006 9:01 AM by Steve Lamb | 5 Comments
Filed Under: , , , ,