Microsoft’s Perspective on the Cybersecurity Framework: Next Steps for Incentives and International Harmonization

Over the past several weeks, I’ve visited several national capitals to address cybersecurity concerns with policymakers and industry leaders. One shared challenge facing governments and critical sectors worldwide is the need for a common baseline of cybersecurity risk management guidance that can be utilized by organizations at different levels of sophistication. Often, these discussions turn to the Cybersecurity Framework issued earlier this year by the U.S. National Institute for Standards … Read more »

Why businesses should care about cybersecurity this October

Around the world, governments have designated this October as “cybersecurity awareness” month, seeking to increase national resilience by raising national consciousness. This effort comes on the heels of a number of government initiatives that aim to strengthen cyber resilience of critical infrastructures, such as the U.S. Presidential Executive Order or the European Commission’s Network and Information Security Directive. But should businesses care about this nebulous and seemingly all-encompassing issue beyond … Read more »

Microsoft Global Readiness: Diverse cultures. Many languages. One world. Part 2


I recently heard about a study looking at how newborns may already be familiar with the sounds of their native language at birth, and may even cry in melodic patterns consistent with those sounds. An affiliation to language and culture would thus be present from the beginning, and become core to who we are. Similarly, research suggests that language profoundly influences how people see their world: not just how we … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge # 3

Posted by Brandon Caldwell, Security Manager, Trustworthy Computing & Ali Pezeshk, Security Engineer, Trustworthy Computing

This particular type of vulnerability is used to attack data-driven applications found across the web. It has been around for over a decade and is one of the top threats today. Do you know what it is? Here’s another hint: it executes malicious queries in situations where user supplied inputs are not properly sanitized and validated … Read more »

You asked, we answered: #AskPtH Questions and Answers


Pass-the-Hash (PtH) refers to a technique that allows an attacker to capture account logon credentials on one compromised computer, and then use those captured credentials to authenticate to other computers across the network. Many of our customers, including administrators who want to protect their networks, are particularly interested in this technique. So, we wanted to open the conversation to our @msftsecurity Twitter followers, and hear what questions you had about … Read more »

Windows 10: Continuing to Raise the Security Bar for Cybercriminals

Today, Jim Alkove made some important announcements about how we are raising the security bar for cybercriminals in Windows 10 through a blog post entitled “Windows 10: Security and identity protection for the modern world.” His post details important changes to Windows that can be summarized in three key areas: identity protection and access control, information protection and threat resistance. Here are some of the highlights. Identity protection and access … Read more »

Cybersecurity in the age of cities


Posted by Paul Nicholas & Cristin Goodwin, Senior Director, Global Security & Diplomacy and Senior Attorney, Legal & Corporate Affairs

Over the past decade, citizens around the world have been witness to an urban renaissance. For the first time in history, more than 50% of the world’s population lives in urban settings and it is expected that by 2050 nearly 70% of us – more than 6 billion people – … Read more »

Trust me, I’m a cloud vendor


I visited my sister and her family a while ago and somehow ended up playing a game with my seven-year-old niece. I forget what it was called now, but the objective was to describe colors without being able to relate them to an object. In other words, describe the color blue without referring to the sea, or the sky. Try it. It’s tough. Though apparently not for seven-year-olds. … Read more »

Trust: what’s it all about?


Today I delivered a keynote about trust in the cloud at the Cybersecurity Expo 2014 event in London. I’ve been thinking about how to tackle a topic like ‘trust’ and how it applies to cloud computing. I don’t know about you, but when someone you don’t know very well says ‘you can trust me,’ I kind of feel the opposite. I believe that actions speak louder than words. With that … Read more »

Vuln Hunt: Find the Security Vulnerability Challenge #2

Ex-Netscape engineer Jamie Zawinski has a great quote about regular expressions. He said: “Some people, when confronted with a problem, think ‘I know, I’ll use regular expressions.’ Now they have two problems.” That’s certainly true for this week’s Security Vuln Hunt. Two points are possible, plus an extra bonus point.  The question: The programmer here has written an input validation regex to test whether a given string matches the format … Read more »