Jesper's Blog
Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu
Last Post
Today was my last "normal" day at Microsoft. (That's with a grain of salt - an exceptional company...
Date: 08/31/2006
Yet another change of plan - TechEd Japan
Today the plans for what I am doing before I leave changed, again, but not as drastically as last...
Date: 08/16/2006
I Got A New Blog!
Some of Microsoft's amazing Most Valuable Professionals (MVP) made me a blog on a new site they call...
Date: 08/13/2006
Yes, it is unfortunately true
I have unfortunately been prevented from speaking at TechEd in New Zealand, Australia, and Japan;...
Date: 08/12/2006
Intel Centrino Driver Vulnerability
Last week a new security problem was announced in the Intel Centrino wireless drivers. It appears to...
Date: 08/04/2006
Free Windows Software
Blake Handler sent me a link to his blog post about free Windows software a couple of days ago. It...
Date: 08/04/2006
All good things must come to an end
This is an excerpt from a mail I sent out internally today: The sands of time seem finally to have...
Date: 07/28/2006
How LMCompatibilityLevel really works
A while ago I once again got frustrated by LMCompatibilityLevel and the amount of confusion that is...
Date: 07/26/2006
Required Attributes of Security Solutions
I've been trying to come up with a list of attributes that a security solution needs to have to be...
Date: 07/19/2006
Microsoft Purchases Winternals
In a very interesting twist Microsoft today announced the acquisition of Winternals and...
Date: 07/18/2006
How many vulnerabilities are there really?
Just in case your are of the vulnerability counting type, you may be interested in an analysis...
Date: 07/14/2006
Resources from U.S. Security Summits
Many of the attendees from the recently concluded Security Summit series in the U.S. have been...
Date: 06/29/2006
Are You A People Person?
As my family keeps reminding me, I'm not much of a people person. It could just be that I am...
Date: 06/05/2006
Structuring Infosec Organizationally
Last week I visited a customer and was greeted by two people who introduced themselves,...
Date: 06/04/2006
Free Security Support Number For Your Region
At an event in Germany today the issue came up how to access the free security support in your...
Date: 05/30/2006
What is a "zero-day"?
Once again, it seems misguided reporters have appropriated a technical term and are misusing it in...
Date: 05/27/2006
I Really Do Not Hate Hardening Guides
Unfortunately, it seems that people are getting the impression that I hate hardening guides. A few...
Date: 05/17/2006
Going Wild With Administrative Accounts
Today I got a question that reminded me that I have not written a whole lot about how to manage the...
Date: 05/12/2006
Are we too simplistic in how we think about risk?
Yesterday I had a fascinating meeting where we discussed a number of theoretical concepts, including...
Date: 05/09/2006
Why your comments no longer automatically show
Just a quick note to let you know why your comments to my blog no longer show up automatically. It...
Date: 05/04/2006
More Security Myths
About a year ago Steve Riley and I built a presentation based on a set of security myths we put into...
Date: 05/02/2006
Upcoming engagements
The schedule for Spring 2006 is in full swing. Just in case anyone is interested in meeting up with...
Date: 05/02/2006
Windows Firewall: the best new security feature in Vista?
It is interesting how some of the best security features in Windows receive either no attention, or...
Date: 05/01/2006
Why Phishing Will Remain Lucrative For The Foreseeable Future
Today I received a message that purports to be from Discover regarding a 5% cashback program on gas...
Date: 04/24/2006
Some Password Policy Settings Are Not Enforced When Disconnected
This is a post I was asked to do a while ago and have been procrastinating on. I apologize for that....
Date: 04/21/2006
"Temporary" Administrators
Several times in the past year someone has brought up an issue where they needed to "temporarily"...
Date: 04/19/2006
A Fathers Pride
Every parent knows that the main reason you have kids is for the comic relief they provide. However,...
Date: 04/17/2006
A Book on Just Passwords
Recently I was standing in a Geek bookstore in Sydney, trying to burn half an hour between meetings,...
Date: 04/17/2006
Server and Domain Isolation Tech Center
Maybe you are not quite as behind the times as I am, but I just found out that there is a new Server...
Date: 03/22/2006
Some organizations put too much emphasis on hardening guidance
I have been working on hardening guidance for almost 10 years. The first few I worked on were...
Date: 03/21/2006
New Taped Presentations Available
The Europeans have put up a couple more presentations from IT Forum 2005. There is a tape of my Is...
Date: 03/21/2006
Security is a confidence building exercise
Yesterday I was at a community event in Canberra, well, actually, it was in the middle of nowhere in...
Date: 03/09/2006
Clearing the pagefile to wipe sensitive data
The other day an old issue came up again: how do we mitigate the threat of sensitive data in page...
Date: 02/02/2006
More security theater, in the air
Recently I was on yet another flight, trying to get some e-mail done. This time, however, I was...
Date: 01/20/2006
More on Using ISA to Block WMF Attacks
Jim Harrison has created a very cool script to do much better blocking of the WMF exploit in ISA...
Date: 01/10/2006
Ready! Set! Go...patch your stuff!!!
OK, you have probably seen it, but the official update for the WMF vulnerability was just posted!...
Date: 01/05/2006
Conscientious Risk Management and WMF
This past week there have been a lot of questions about the WMF vulnerability, what Microsoft is...
Date: 01/02/2006
Blocking certain extensions in ISA server
For some reason I decided that today was a good day to figure out how to block certain file...
Date: 12/28/2005
Weird ISA error, and apparent solution
This morning when I tried to use FrontPage (don't even start) to edit one of my web sites, I was...
Date: 12/22/2005
Getting OMA to work with SBS Premium and WM 5.0
Being that I am on vacation, I just had to take a break from all the relaxing and get my new...
Date: 12/20/2005
Biometrics
Apart from the obvious issues with biometric authentication (like the fact that revoking them is...
Date: 12/14/2005
Good Enough Security
At some point about six weeks ago I once again was hit with arguments that pointed to people...
Date: 12/14/2005
Tools and other new stuff from the book now available
When we wrote Protect Your Windows Network we put some tools on the CD. The tools are now posted on...
Date: 12/06/2005
Malware and administrative rights
For about a year I have been telling a story to highlight how users running as administrators are...
Date: 11/30/2005