Jesper's Blog

Obligatory file photo: I am a Senior Security Strategist in the Security Technology Unit at Microsoft. My job is to explain to our customers how to run Microsoft products securely, and to the extent that it is needed, help the product groups figu

Last Post

Today was my last "normal" day at Microsoft. (That's with a grain of salt - an exceptional company...

Author: TechNet Archive Date: 08/31/2006

Yet another change of plan - TechEd Japan

Today the plans for what I am doing before I leave changed, again, but not as drastically as last...

Author: TechNet Archive Date: 08/16/2006

I Got A New Blog!

Some of Microsoft's amazing Most Valuable Professionals (MVP) made me a blog on a new site they call...

Author: TechNet Archive Date: 08/13/2006

Yes, it is unfortunately true

I have unfortunately been prevented from speaking at TechEd in New Zealand, Australia, and Japan;...

Author: TechNet Archive Date: 08/12/2006

Intel Centrino Driver Vulnerability

Last week a new security problem was announced in the Intel Centrino wireless drivers. It appears to...

Author: TechNet Archive Date: 08/04/2006

Free Windows Software

Blake Handler sent me a link to his blog post about free Windows software a couple of days ago. It...

Author: TechNet Archive Date: 08/04/2006

All good things must come to an end

This is an excerpt from a mail I sent out internally today: The sands of time seem finally to have...

Author: TechNet Archive Date: 07/28/2006

How LMCompatibilityLevel really works

A while ago I once again got frustrated by LMCompatibilityLevel and the amount of confusion that is...

Author: TechNet Archive Date: 07/26/2006

Required Attributes of Security Solutions

I've been trying to come up with a list of attributes that a security solution needs to have to be...

Author: TechNet Archive Date: 07/19/2006

Microsoft Purchases Winternals

In a very interesting twist Microsoft today announced the acquisition of Winternals and...

Author: TechNet Archive Date: 07/18/2006

How many vulnerabilities are there really?

Just in case your are of the vulnerability counting type, you may be interested in an analysis...

Author: TechNet Archive Date: 07/14/2006

Resources from U.S. Security Summits

Many of the attendees from the recently concluded Security Summit series in the U.S. have been...

Author: TechNet Archive Date: 06/29/2006

Please don't disable security features, at least while we are testing them

I couldn't tell you how many times I have either had the question "how do I turn off User Account...

Author: TechNet Archive Date: 06/22/2006

Are You A People Person?

As my family keeps reminding me, I'm not much of a people person. It could just be that I am...

Author: TechNet Archive Date: 06/05/2006

Structuring Infosec Organizationally

Last week I visited a customer and was greeted by two people who introduced themselves,...

Author: TechNet Archive Date: 06/04/2006

Free Security Support Number For Your Region

At an event in Germany today the issue came up how to access the free security support in your...

Author: TechNet Archive Date: 05/30/2006

What is a "zero-day"?

Once again, it seems misguided reporters have appropriated a technical term and are misusing it in...

Author: TechNet Archive Date: 05/27/2006

I Really Do Not Hate Hardening Guides

Unfortunately, it seems that people are getting the impression that I hate hardening guides. A few...

Author: TechNet Archive Date: 05/17/2006

Going Wild With Administrative Accounts

Today I got a question that reminded me that I have not written a whole lot about how to manage the...

Author: TechNet Archive Date: 05/12/2006

Are we too simplistic in how we think about risk?

Yesterday I had a fascinating meeting where we discussed a number of theoretical concepts, including...

Author: TechNet Archive Date: 05/09/2006

Why your comments no longer automatically show

Just a quick note to let you know why your comments to my blog no longer show up automatically. It...

Author: TechNet Archive Date: 05/04/2006

More Security Myths

About a year ago Steve Riley and I built a presentation based on a set of security myths we put into...

Author: TechNet Archive Date: 05/02/2006

Upcoming engagements

The schedule for Spring 2006 is in full swing. Just in case anyone is interested in meeting up with...

Author: TechNet Archive Date: 05/02/2006

Windows Firewall: the best new security feature in Vista?

It is interesting how some of the best security features in Windows receive either no attention, or...

Author: TechNet Archive Date: 05/01/2006

Why Phishing Will Remain Lucrative For The Foreseeable Future

Today I received a message that purports to be from Discover regarding a 5% cashback program on gas...

Author: TechNet Archive Date: 04/24/2006

Some Password Policy Settings Are Not Enforced When Disconnected

This is a post I was asked to do a while ago and have been procrastinating on. I apologize for that....

Author: TechNet Archive Date: 04/21/2006

"Temporary" Administrators

Several times in the past year someone has brought up an issue where they needed to "temporarily"...

Author: TechNet Archive Date: 04/19/2006

A Fathers Pride

Every parent knows that the main reason you have kids is for the comic relief they provide. However,...

Author: TechNet Archive Date: 04/17/2006

A Book on Just Passwords

Recently I was standing in a Geek bookstore in Sydney, trying to burn half an hour between meetings,...

Author: TechNet Archive Date: 04/17/2006

RFID tags on Credit Cards? Is this a good idea?

Bruce Schneier has been a very vocal opponent of the move to put RFID tags, or at least ones without...

Author: TechNet Archive Date: 04/06/2006

TechEd Presentations

It appears I will be at TechEd in Boston this year after all. There are precious few sessions going...

Author: TechNet Archive Date: 04/05/2006

Server and Domain Isolation Tech Center

Maybe you are not quite as behind the times as I am, but I just found out that there is a new Server...

Author: TechNet Archive Date: 03/22/2006

Some organizations put too much emphasis on hardening guidance

I have been working on hardening guidance for almost 10 years. The first few I worked on were...

Author: TechNet Archive Date: 03/21/2006

New Taped Presentations Available

The Europeans have put up a couple more presentations from IT Forum 2005. There is a tape of my Is...

Author: TechNet Archive Date: 03/21/2006

Power Users are Admins who have not made themselves admins yet

It seems kind of odd that in 2006 I would still get these questions, but twice in the past week have...

Author: TechNet Archive Date: 03/13/2006

Security is a confidence building exercise

Yesterday I was at a community event in Canberra, well, actually, it was in the middle of nowhere in...

Author: TechNet Archive Date: 03/09/2006

Reading List

Reading List Many people have asked me to put together a list of links to things to read that may...

Author: TechNet Archive Date: 02/13/2006

Becoming a better presenter

This week I went to Dr. Edward A. Tufte's course on presenting quantitative information. Being a...

Author: TechNet Archive Date: 02/09/2006

Clearing the pagefile to wipe sensitive data

The other day an old issue came up again: how do we mitigate the threat of sensitive data in page...

Author: TechNet Archive Date: 02/02/2006

More security theater, in the air

Recently I was on yet another flight, trying to get some e-mail done. This time, however, I was...

Author: TechNet Archive Date: 01/20/2006

More on Using ISA to Block WMF Attacks

Jim Harrison has created a very cool script to do much better blocking of the WMF exploit in ISA...

Author: TechNet Archive Date: 01/10/2006

Ready! Set! Go...patch your stuff!!!

OK, you have probably seen it, but the official update for the WMF vulnerability was just posted!...

Author: TechNet Archive Date: 01/05/2006

Conscientious Risk Management and WMF

This past week there have been a lot of questions about the WMF vulnerability, what Microsoft is...

Author: TechNet Archive Date: 01/02/2006

Blocking certain extensions in ISA server

For some reason I decided that today was a good day to figure out how to block certain file...

Author: TechNet Archive Date: 12/28/2005

Weird ISA error, and apparent solution

This morning when I tried to use FrontPage (don't even start) to edit one of my web sites, I was...

Author: TechNet Archive Date: 12/22/2005

Getting OMA to work with SBS Premium and WM 5.0

Being that I am on vacation, I just had to take a break from all the relaxing and get my new...

Author: TechNet Archive Date: 12/20/2005

Biometrics

Apart from the obvious issues with biometric authentication (like the fact that revoking them is...

Author: TechNet Archive Date: 12/14/2005

Good Enough Security

At some point about six weeks ago I once again was hit with arguments that pointed to people...

Author: TechNet Archive Date: 12/14/2005

Tools and other new stuff from the book now available

When we wrote Protect Your Windows Network we put some tools on the CD. The tools are now posted on...

Author: TechNet Archive Date: 12/06/2005

Malware and administrative rights

For about a year I have been telling a story to highlight how users running as administrators are...

Author: TechNet Archive Date: 11/30/2005

Next>