You asked, we answered: #AskPtH Questions and Answers

Untitled

Pass-the-Hash (PtH) refers to a technique that allows an attacker to capture account logon credentials on one compromised computer, and then use those captured credentials to authenticate to other computers across the network. Many of our customers, including administrators who want to protect their networks are particularly interested in this technique. So, we wanted to open the conversation to our @msftsecurity Twitter followers, and hear what questions you had about … Read more »

Windows 10: Continuing to Raise the Security Bar for Cybercriminals

Today, Jim Alkove made some important announcements about how we are raising the security bar for cybercriminals in Windows 10 through a blog post entitled “Windows 10: Security and identify protection for the modern world.” His post details important changes to Windows that can be summarized in three key areas: identity protection and access control, information protection and threat resistance. Here are some of the highlights. Identity protection and access … Read more »

Cybersecurity in the age of cities

Untitled-1

Posted by Paul Nicholas & Cristin Goodwin Senior Director, Global Security & Diplomacy and Senior Attorney, Legal & Corporate Affairs Over the past decade, citizens around the world have been witness to an urban renaissance. For the first time in history, more than 50% of the world’s population lives in urban settings and it is expected that by 2050 nearly 70% of us – more than 6 billion people – … Read more »

Trust me, I’m a cloud vendor

Untitled

I visited my sister and her family a while ago and somehow ended up playing a game with my seven year-old niece. I forget what it was called now, but the objective was to describe colors without being able to relate them to an object. In other words, describe the color blue without referring to the sea, or the sky. Try it. It’s tough. Though apparently not for seven year-olds. … Read more »

Trust: what’s it all about?

Print

Today I delivered a keynote about trust in the cloud at the Cybersecurity Expo 2014 event in London. I’ve been thinking about how to tackle a topic like ‘trust’ and how it applies to cloud computing. I don’t know about you, but when someone you don’t know very well says ‘you can trust me,’ I kind of feel the opposite. I believe that actions speak louder than words. With that … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge #2

vuln hunt image

Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question: The programmer here has written an input validation regex to test whether a given string matches the format … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge #1

vuln hunt image

Whether it’s a riddle, puzzle, or detective mystery novel, most of us like to solve a good brain teaser. As security and program experts, these types of conundrums keep us on our toes. During the next few weeks, I’ll share some of my favorites, and see if you can find the security vulnerability. For this first one, let’s take a look at authenticated encryption. Two points are possible for solving … Read more »

Trustworthy Cloud Series: Managing Secure Cloud Operations

2014-10-01_9-21-05

It is not uncommon to hear organizations of all sizes – small startups to large enterprises cite benefits such as scalability and cost savings as reasons to move to the cloud. The cloud can also free up resources enabling organizations to focus more on their core business. However, when it comes to choosing a cloud provider, how do you decide who to trust with your most sensitive information? For many … Read more »

Microsoft Global Readiness: Diverse cultures. Multiple languages. One world.

1

At Microsoft, we respect the cultural sensibilities of our customers, employees, and the organizations and communities we partner with worldwide. For more than three decades, we have been providing globalized and localized software for computer users around the world. And much has changed in that time. The realities of shipping software has shifted from an in-the-box experience by market and language, to a mobile-first, cloud-first world, where localization is as … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge

vuln hunt image

There’s a saying that many people have heard, “If it was snake, it would have bitten you.” More often than not, that’s the case with software vulnerabilities. A security class bug can often be so subtle in a program that human reviews, static code analysis and other sophisticated tools might not find it. Yet at the same time, finding that vulnerability can be critical, especially if it is exploitable. During … Read more »